Open AccessASSESSMENT OF COMPLIANCE OF INFORMATION SECURITY MEANS ON SIGNIFICANT OBJECTS OF CRITICAL INFORMATION INFRASTRUCTURES OF THE RUSSIAN FEDERATION
Author(s) -
Julia A. Isaeva,
Anastasiya S. Goldobina,
Dmitry M. Nikulin
Publication year - 2020
Publication title -
interèkspo geo-sibirʹ
Language(s) - English
Resource type - Journals
ISSN - 2618-981X
DOI - 10.33764/2618-981x-2020-6-1-155-160
Subject(s) - compliance (psychology) , legislation , computer security , confidentiality , information security , information security management , information systems security , function (biology) , process (computing) , risk analysis (engineering) , computer science , business , gost (hash function) , russian federation , information system , security information and event management , cloud computing security , political science , management information systems , law , psychology , cloud computing , social psychology , evolutionary biology , biology , economic policy , operating system
The need to assess the compliance of information security means depends on the importance of the information, processed at the enterprise. The lack of specific requirements and criteria for conducting an assessment will cause the protection tools to function incorrectly this, in turn, will lead to unpredictable consequences, as well as to the disruption of the functioning of significant objects. Even with the changes made to the legislation of the Russian Federation, there is no specific algorithm for assessment the compliance of certain classes of security tools, such as DLP systems. This article describes the changes made to the legislation and how they will affect the compliance assessment process. The selected security profile, along with GOST 15408-2012, reveals such concepts as functional requirements of trust and security functions. Taking these regulations into account, it is possible to develop a method for conducting compliance assessment for DLP systems, which are an extremely important means of protecting against leaks of confidential information on significant objects of critical information infrastructures.