Comparative analysis of the us ISO and NIST standards on assessing the risk of information leakage in communication systems
Abstract
The reliability of any system has always been defined by its stability and by whether the persons or specialists responsible for security have at their disposal preventive measures that are adequate to the threats and risks and that cannot easily be eliminated or destroyed. There has always been competition in the world for the ownership of information and, with it, a rivalry over the ability to protect that ownership effectively from "outsiders" and, even more, from competitors.
Protective systems are effective only to the extent that they cover all the possible and theoretically probable processes that occur within an information system (IS), that can be caused by outside influence, or that arise accidentally. Therefore, a risk-management model for an IS must reflect the whole variety of events as well as the processes of resource distribution and use. An analysis of the works published to date on this subject leads to the conclusion that all of them (the standards) contain a great many methods and tools that are sufficient to solve the tasks set. But life in the information field goes on, and the appearance of new risks is as inevitable as the need to search for new standard means of countering them. The subject of this article is a comparative analysis of the two main standards that are called upon to create secure conditions in the information space for the owners of information, so that they can work without hindrance within their networks, and for their outside partners and consumers.
Copyright (c) 2020 Sergey Salnyk, Pavlo Sydorkin, Sergey Nesterenko, Alexander Zaytcev, Mykola Konotopetc
This work is licensed under a Creative Commons Attribution 4.0 International License.