Methods for assessing the level of security of software of automated systems of internal affairs bodies and directions for their improvement

Abstract

Objective. The purpose of the article is to analyze existing methods and procedures used to assess the level of software security of automated systems, based on a study of scientific literature, international and industry standards of the Russian Federation on information security of automated systems, guidelines and methodological documents of the Federal Service for Technical and Export Control Russia, as well as departmental orders on the protection of information from unauthorized access at informatization facilities of internal affairs bodies. Method. To achieve this goal, the method of system analysis of approaches used in assessing the level of software security in automated systems was used. Result. The results of an analysis of the main approaches to assessing the level of software security in automated systems are presented. The expediency of combining the considered approaches to carry out a quantitative assessment of the level of software security at informatization facilities of internal affairs bodies in real time, taking into account vulnerabilities in the software used, is substantiated. Conclusion. The results obtained can be used to generate indicators of the level of software security in automated systems of internal affairs bodies and to develop methods for their calculation taking into account the time factor.