DEVELOPMENT OF AN INFORMATION MANAGEMENT PROGRAM SECURITY IN THE 1C: ENTERPRISE 8.3 CONFIGURATION

E. Golovkova
Journal: Scientific Papers Collection of the Angarsk State Technical University
Published: 2023-07-05
DOI: https://doi.org/10.36629/2686-7788-2023-1-16-2

Abstract

An integrated approach to information security management is presented as a set of processes on the decomposition diagram of the IDEF0 model. It is recommended that possible damage to information assets be analyzed by experts against two groups of criteria, using qualitative scales. Expert analysis of information security threats, and of the vulnerabilities through which they can be realized, is likewise proposed to use qualitative scales, taking into account the control mechanisms already implemented in the organization. The results of the analysis are expressed as the total level of the vulnerability group. A matrix for determining the magnitude of information security risk is constructed. The qualitative estimates obtained are compared with the quantitative indicator of average annual damage and calibrated. The return on investment ratio is proposed as the marker of the effectiveness of protective mechanisms. To make expert assessment of information security risks more efficient and convenient, and to automate both the processing of the examination results and the calculations on which the decision-maker can rely, a program was created in the 1C: Enterprise 8.3 configuration.