{"title":"关键信息基础设施信息安全水平监测方法研究","authors":"I. Livshitz, Andrew Baksheev","doi":"10.21681/2311-3456-2022-6-40-52","DOIUrl":null,"url":null,"abstract":"Purpose of work is to analyze the existing practices of performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC), used to obtain objective and reliable data for operational security assessments of the CII objects and development of an IT-security audit model for CII objects. Research method: methods of analysis and structural decomposition from the theory of system analysis, identifying signs essential for optimizing the process of IT-security audit for CII objects. Research result: include the detailed analysis and comparison of the existing best practices for performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC) for CII objects. A model of IT-security audit for CII objects has been developed. Scientific novelty: an IT-security audit model for CII facilities, characterized by the possibility of a “dual” mode for a full cycle of ensuring the safety of CII facilities – a full national conditional mode and a combined conditional mode, which allows, if necessary, to include additional functional blocks","PeriodicalId":422818,"journal":{"name":"Voprosy kiberbezopasnosti","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"RESEARCH OF METHODS FOR MONITORING THE LEVEL OF INFORMATION SECURITY AT CRITICAL INFORMATION INFRASTRUCTURE FACILITIES\",\"authors\":\"I. Livshitz, Andrew Baksheev\",\"doi\":\"10.21681/2311-3456-2022-6-40-52\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Purpose of work is to analyze the existing practices of performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC), used to obtain objective and reliable data for operational security assessments of the CII objects and development of an IT-security audit model for CII objects. Research method: methods of analysis and structural decomposition from the theory of system analysis, identifying signs essential for optimizing the process of IT-security audit for CII objects. Research result: include the detailed analysis and comparison of the existing best practices for performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC) for CII objects. A model of IT-security audit for CII objects has been developed. Scientific novelty: an IT-security audit model for CII facilities, characterized by the possibility of a “dual” mode for a full cycle of ensuring the safety of CII facilities – a full national conditional mode and a combined conditional mode, which allows, if necessary, to include additional functional blocks\",\"PeriodicalId\":422818,\"journal\":{\"name\":\"Voprosy kiberbezopasnosti\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Voprosy kiberbezopasnosti\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.21681/2311-3456-2022-6-40-52\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Voprosy kiberbezopasnosti","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21681/2311-3456-2022-6-40-52","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
工作目的是分析执行安全分析和it -安全审计的现有实践(NIST, OWASP, Cobit, OSSTMM, PTES和GOST R ISO/IEC),用于获取客观可靠的数据,用于CII对象的操作安全评估和CII对象的it -安全审计模型的开发。研究方法:从系统分析理论出发,采用分析和结构分解的方法,找出CII对象it安全审计流程优化所必需的标志。研究结果:包括对CII对象执行安全分析和it安全审计的现有最佳实践(NIST、OWASP、Cobit、OSSTMM、PTES和GOST R ISO/IEC)的详细分析和比较。已经开发了用于CII对象的it安全审计模型。科学新颖性:一种CII设施的it安全审计模式,其特点是在确保CII设施安全的整个周期中可能采用“双重”模式——一种完整的国家条件模式和一种组合条件模式,必要时允许包括额外的功能块
RESEARCH OF METHODS FOR MONITORING THE LEVEL OF INFORMATION SECURITY AT CRITICAL INFORMATION INFRASTRUCTURE FACILITIES
Purpose of work is to analyze the existing practices of performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC), used to obtain objective and reliable data for operational security assessments of the CII objects and development of an IT-security audit model for CII objects. Research method: methods of analysis and structural decomposition from the theory of system analysis, identifying signs essential for optimizing the process of IT-security audit for CII objects. Research result: include the detailed analysis and comparison of the existing best practices for performing security analysis and IT-security audit (NIST, OWASP, Cobit, OSSTMM, PTES and GOST R ISO/IEC) for CII objects. A model of IT-security audit for CII objects has been developed. Scientific novelty: an IT-security audit model for CII facilities, characterized by the possibility of a “dual” mode for a full cycle of ensuring the safety of CII facilities – a full national conditional mode and a combined conditional mode, which allows, if necessary, to include additional functional blocks
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
