Protection of the information resources of a library based on analysis of business processes

Abstract

This paper justifies the relevance of the reliable protection of information and the development of measures to reduce information risks in libraries with comprehensive information resources. A brief description of the objects of protection and the main threats, including those that are related to the processing of personal data, is provided. It is alleged that analysis of models of the business processes of a library makes it possible to track the impacts of changes on many aspects of information security. The position of the information system for security analysis of the business process in the overall system of information security is determined. Steps for the formalization and updating of the rights of access to information resources of a library are illustrated. It is emphasized that the basic document for information-security risk management is a threat model that reflects the data on sources of threats and vulnerabilities of the system, impacted objects, and a number of other parameters. A block diagram that illustrates the process of analyzing the threats and vulnerabilities and a knowledge meta-model for the management of information-security risks are provided. It is concluded that based on the relationship of business processes that are reflected in a formal notation it is possible to automatically obtain the data on the degree of influence of security aspects of information objects of a particular sub-process on the results of business processes of a higher level, and as a result, on the achievability of the purposes of an organization.