METHOD OF INFORMATION SECURITY MANAGEMENT SYSTEMS FUNCTIONAL ANALYSIS

Abstract

The process of functional analysis of information security management systems was considered. The relevance of their presentation with many interrelated functions with internal and external interfaces is shown. Taking this into account, the methods of functional analysis of information security management systems are analyzed. Among them, graphic notation IDEF0 is highlighted. This choice is based on the ability to display both interfaces of functions and the conditions and resources of their execution. The orientation of the graphic notation IDEF0 use is established mainly for the presentation of the international standards ISO/IEC 27k series, the display of the main stages of the information security management systems life cycle, the development of individual elements of information security management systems, in particular, risk management. These limitations have been overcome by the method of information security management systems in functional analysis. This was preceded by the definition of the theoretical foundations of this method. Its use allows to allocate their functions at both levels of the system, and levels of its structural elements (subsystems, complexes, components). To do this, define the purpose, viewpoint and establishes information security management as the main activity. It is represented by a set of hierarchically related functions that are represented by a family tree. Each function of this tree defines incoming, outgoing data, management, and mechanisms. This makes it possible to establish their consistency with the organizational structure at the “activity-system”, “process-subsystem”, “operation-module (complex)” and “action-block (component)” levels. In future studies, it is planned to define a hierarchy of functions and develop a logical structure of information security management systems based on the proposed method of functional analysis.