Comparative analysis of the us ISO and NIST standards on assessing the risk of information leakage in communication systems

  • Sergey Salnyk Institute of Special Communications and Information Protection National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute” https://orcid.org/0000-0003-4463-5705
  • Pavlo Sydorkin Institute of Special Communications and Information Protection National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute” https://orcid.org/0000-0003-2374-1402
  • Sergey Nesterenko Institute of Special Communications and Information Protection National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute” https://orcid.org/0000-0003-2097-1122
  • Alexander Zaytcev Institute of Special Communications and Information Protection National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute” https://orcid.org/0000-0001-6239-6782
  • Mykola Konotopetc
Keywords: information security management, threats to information security, risk control system, threat identification, risk appraisal, information system susceptibility

Abstract

The reliability of any system has always been defined by its level of stability and by whether the responsible security officers or specialists have at their disposal the necessary preventive measures: measures that are adequate to the risks posed by the threats and that cannot easily be circumvented or destroyed. There has always been competition in the world for the ownership of information, and with it a rivalry over the ability to preserve that ownership effectively from "outsiders" and, even more so, from competitors.

Protective systems are effective only to the extent that they cover all the possible and theoretically probable processes that take place within an information system (IS), whether caused by outside influence or arising accidentally. A risk-management model for an IS must therefore reflect the full variety of events, as well as the processes by which resources are distributed and used. An analysis of the works published on this subject to date leads to the conclusion that all of them (the standards) contain a large body of methods and tools that are sufficient to accomplish the tasks they set. But life in the information field goes on, and the appearance of new risks is as inevitable as the need to search for new standard means of countering them. The subject of this article is a comparative analysis of two main standards whose purpose is to create secure conditions in the information space for the owners of information, for their unhindered work within their own networks, and for their outside partners and consumers.


Author Biographies

Sergey Salnyk, Institute of Special Communications and Information Protection National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”

Candidate of Technical Sciences, Deputy head of the special department

Pavlo Sydorkin, Institute of Special Communications and Information Protection National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”

Senior Instructor

Sergey Nesterenko, Institute of Special Communications and Information Protection National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”

Senior Instructor

Alexander Zaytcev, Institute of Special Communications and Information Protection National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”

Senior Instructor

Published
2020-12-31
How to Cite
Salnyk, S., Sydorkin, P., Nesterenko, S., Zaytcev, A., & Konotopetc, M. (2020). Comparative analysis of the us ISO and NIST standards on assessing the risk of information leakage in communication systems. Social Development and Security, 10(6), 29-39. https://doi.org/10.33445/sds.2020.10.6.4
Section
Articles