Information security management system of a corporate network

... be approved by management; the security policy or policies specify particular information security control objectives or requirements in one or more documents.

... to information security. System analysis of the information security state from multiple perspectives became possible. Production of personalised job instructions directly from the initial normative documents became available. Recommendations are provided for the implementation of the developed system at enterprises. The practical value of the product is supported by approbation.

Keywords: SECURITY MANAGEMENT SYSTEM, ISMS, MATRIX, SYSTEM APPROACH TO INFORMATION SECURITY, ISO27K, ГСТУ СУІБ

Abstract

Домарев Д.В. Information security management system of a corporate network: master's thesis / Домарев Дмитрий Валериевич, National Aviation University, Faculty of Computer Systems, Department of Computer Systems and Networks. - Kyiv 2011. - 114 pp., 23 figures, 1 table, 6 appendices, 16 references.

The work applies the system approach to information security as a universal model of information security processes. A mathematical model of a semi-Markov process is presented for use in modelling information security systems. An analytical overview of normative documents and existing solutions was carried out to define the requirements for an effective information security management system. An experimental deployment of the system was performed during development to test the proposed functions. Quantitative estimates of the improvements obtained by applying the developed system were made. A list of problems solved by applying the developed system is given.

As a result of the research and development carried out, the proposed information security management system applies the system approach to information security in management for the first time. Information in the system's database is structured according to the system approach to information security. System analysis of the information security state from various points of view is made possible. Creation of personal job instructions directly from the primary normative documents is provided.

Recommendations are given regarding the deployment and use of the developed product at enterprises. Its practical value is confirmed by approbation.

Keywords: INFORMATION SECURITY MANAGEMENT SYSTEM, ISMS, MATRIX, SYSTEM APPROACH TO INFORMATION SECURITY, ISO27K, ГСТУ СУІБ

Contents

LIST OF TERMS AND ABBREVIATIONS
1. INFORMATION SECURITY MANAGEMENT IN CORPORATE NETWORKS
1.1 IS management standards development
1.1.1 The ISO/IEC 27000-series
1.1.2 The ISO/IEC 27001
1.1.3 The ISO/IEC 27002
1.1.4 The national peculiarities of the IS management standards
1.2 IS management standards according to the system approach to IS
1.2.1 General position of legal documents in the system approach
1.2.2 The scope of ГСТУ СУІБ 1.0/ISO/IEC 27001:2010
1.2.3 The scope of ГСТУ СУІБ 2.0/ISO/IEC 27002:2010
1.3 IS management solutions overview
1.4 Modern IS management solutions
1.4.1 Analytical overview of the existent solutions
1.4.2 The most integrated existent IS management solution
1.4.3 Common problems of the existent solutions
1.5 Mathematical model of IS
1.5.1 General description of the ISS model
1.5.2 Semi-Markov process definition
1.5.3 ISS state as a semi-Markov process
1.5.4 Application of semi-Markov processes in ISS development
1.5.5 Application of semi-Markov processes in ISS state description
Conclusions to section 1
2. DEFINITION OF THE EFFECTIVE ISMS FEATURES
2.1 The mandatory ISMS documents
2.2 Content management system for an ISMS
2.3 The information security metrics
2.4 Internal audit capabilities
Conclusions to section 2
3. INFORMATION SECURITY MANAGEMENT SYSTEM MATRIX
3.1 Purpose of the ISMS
3.2 General description of the ISMS
3.3 Improvements provided by the ISMS
3.4 Structure of the ISMS
3.4.1 Structure overview
3.4.2 Classifying elements
3.4.3 Main data storages
3.4.4 Program modules
3.5 Interfaces of the ISMS
3.6 Operation of the ISMS
3.6.1 Filling recommendations
3.6.2 Reporting
3.6.3 Risk assessment
3.6.4 Information security policy formation
Conclusions to section 3
Appendix A. Deduction hierarchy of ISS security level estimation
Appendix B. The solutions of the problems in analogous products by ISMS Matrix
Appendix C. Database scheme
Appendix D. Excerpt of the IS policy formed by the product
Appendix E. Program module of the shared ISMS functions (listing)
Appendix F. Program module of the ISMS report (listing)

LIST OF TERMS AND ABBREVIATIONS

EGRC: Enterprise governance, risk and compliance.

Governance, risk and compliance (GRC): An integrated approach adopted by organisations, including multiple overlapping and related activities within these three areas, e.g. internal audit, compliance programmes, enterprise risk management, operational risk and incident management, etc.

GRCM: Governance, risk and compliance management.

Information security (IS): Preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation and reliability, can also be involved [1].

Information security control: Means of managing risk, including policies, procedures, guidelines, practices or organisational structures, which can be administrative, technical, management or legal in nature.

Information security system (ISS): Aggregate of security mechanisms that implement the defined rules and satisfy the defined requirements [2].

Information security management system (ISMS): Part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security [3].

INTRODUCTION

 

On October 28th 2010, the National Bank of Ukraine introduced two industry standards in information security management [5]. The documents [3, 4] are in fact replications of the ISO/IEC 27001 and ISO/IEC 27002 international information security management standards, which define the requirements and rules for the development of information security management systems.

Regulation 474 of the National Bank of Ukraine was passed in accordance with article 7 of the Law of Ukraine "About the National Bank of Ukraine", article 10 of the Law of Ukraine "About information security in the information telecommunication systems" and article 10 of the Law of Ukraine "About standardisation", with the purpose of strengthening information security in the Ukrainian banking system [5].

In addition to the above, the trend of attracting foreign investment forces commercial organisations to introduce international management standards, and information security management standards in particular.

These facts explain the rise in demand for the introduction of international information security management standards in Ukrainian banks and commercial organisations.

The methodical instrument described in this work facilitates the introduction of international standards by providing a methodical apparatus for the optimisation of network parameters and structure.

Purpose and objectives of the investigation

The aim of the presented work is to define and develop the effective information security management system (ISMS) for a corporate network.

Investigation object of the presented work is the information security management in a corporate network.

Investigation subject of the presented work is the ISMS.

Investigation methods used in the research are the following:

1. System approach to IS by V.V. Domarev [2] for quantitative and qualitative estimation of the IS management efficiency;

2. Semi-Markov processes as the mathematical model of IS processes;

3. Analytical overview of the legal documents to form the general demands to corporate IS management;

4. Analytical overview of the existent IS management solutions to define the effective functions of an ISMS;

5. Experimental implementation of the product during the development process.

Scientific novelty of the results

The ISMS Matrix has the following elements of scientific novelty.

1. The system approach to IS is applied in management for the first time.

Before the creation of the product, the system approach to IS was applied only in theoretical spheres. Examples of such applications are ISS high-level structure planning and ISS efficiency estimation. These applications are very important, but most businesses consider them too expensive relative to their financial return. The ISMS Matrix applies the system approach to IS in practical operational management, which is more attractive for business applications and thus provides a higher rate of return on investment when deployed at enterprises.

2. The data elements are classified according to the system approach to IS, which allows uniting knowledge and current tasks in a single systematised framework.

The sets of values in each of the classifying elements are formed by the end users for the target organisation or the considered document, so the resulting system complies with both the system approach to IS and the business processes of the target organisation: its structure follows the system approach, and its content follows the target organisation and the considered documents.

3. System analysis of the IS state can be performed from multiple perspectives.

The proposed product is intended to facilitate the introduction of international standards. The final stage of any standard implementation is the certification process, involving a wide audit of compliance. It is known that different inspections analyse the enterprise IS state from different perspectives, so, in theory, to pass the audit for several standards simultaneously the organisation has to perform several analyses. The ISMS Matrix provides the systematisation of knowledg
