Принципи вибору формальних параметрів при побудові профілей захисту інфоресурсів

Abstract

Визначені основні параметри загроз інформаційним об’єктам систем передачі та обробки інформації, а також приведений загальний підхід до побудови формальної моделі загроз, що дозволяє здійснювати вибір функціональних послуг захисту

The article outlines the key parameters of hazards to information objects of information transmission and processing systems. The general approach to the construction of a formal model of hazards is given. This approach allows the selection of functional protection services. It was indicated that the formal hazard model could be defined as a list of required parameters. The attention is focused on the fact that the parameters are determined at the stage of risk analysis. It should be noted that parameters are usually sufficient to select appropriate functional protection services. It was concluded that the total risk, concerning the information security, is an overall index. Mentioned index characterizes the possible losses in case of violation of security in the accepted system. It was determined that the means of protection should be chosen according to the “efficiency-cost” criterion, taking into consideration the opinion of information safety system customer. It was shown that it is necessary to determine the total residual of risk, and then, if necessary, to enhance the protective devices