Guidance on the design and operation of automated systems that meet information security requirements
Thursday, 13 October 2005
Guidance on the design and operation of automated systems that meet information security requirements

1. General provisions and definitions

This guidance document establishes the procedure for the development, deployment and operation of automated systems (AS) that meet information security (IS) requirements.

The appendix gives methodological recommendations for implementing the provisions stated here.

The document addresses the following main questions:

* The pre-design stage of work on creating the AS (development of the information security policy, risk analysis, selection of the main decisions for maintaining the IS regime);

* The AS design stage, at which IS maintenance is planned;

* IS maintenance during deployment and operation.

The following definitions are used:

Information security of the AS - protection of the information and equipment of the AS from factors that threaten its:

* Confidentiality (ensuring that access is authorized only);

* Integrity;

* Availability.

Information security management - a way of maintaining information security through the use of IS maintenance mechanisms.

Risk analysis - the process of identifying threats to the security of the system and its individual components, determining their characteristics and potential damage, and determining countermeasures.

Information security policy - the set of documents that define the administrative and design decisions in the area of IS.

Functional requirements (specification of security functions) - the subset of AS functions that relate to IS maintenance.

Assurance of IS maintenance mechanisms - an assessment of how adequately the IS maintenance mechanisms in use meet the chosen functional requirements. Assurance is defined by the effectiveness and correctness of the IS maintenance mechanisms.

Protection profile - the document describing the IS maintenance tasks in terms of functional requirements and assurance requirements.

2. Accounting for IS requirements at the pre-design stages of AS creation

At the pre-design stages of work on creating the AS, the following should be done:

* The requirements for maintaining the IS regime during performance of the functions and tasks of the designed AS are formulated;

* The concept of the information security policy is developed.

At the "Formation of requirements for the AS" stage, after the list of AS functions and tasks has been drawn up, the requirements for maintaining the IS regime during their performance should be formulated. The requirements are formulated in terms of:

* Availability,

* Integrity,

* Confidentiality.

The report produced at this stage should contain, within the section "Functions and tasks of the AS being created", a sub-item "Requirements for maintaining the IS regime". It should describe the requirements for maintaining the IS regime for each function and task of the AS.

The IS concept is developed at the "Development of the AS concept" stage. Development of the concept of the information security policy begins after a variant of the concept of the AS being created has been chosen, and is based on an analysis of the following groups of factors:

* Legal and contractual requirements;

* Requirements for maintaining the IS regime for the AS functions and tasks;

* Threats (classes of risk) to which the information resources are exposed.

As a result of the analysis, general IS provisions concerning the organization as a whole are formulated:

* The goals and priorities the organization pursues in the area of IS;

* The general directions for achieving these goals;

* The aspects of the IS programme that must be addressed at the level of the organization as a whole;

* The officials responsible for implementing the IS programme, and their duties.

The concept of the information security policy should be documented as a report.

3. Development of the information security policy

The information security policy is developed at the "Technical design" stage and comprises the following steps:

* Risk analysis;

* Definition of requirements for protection measures;

* Selection of the main decisions for maintaining the IS regime;

* Development of plans for maintaining the uninterrupted operation of the organization;

* Documenting the information security policy.

Risk analysis

Risk analysis involves studying and classifying IS threats and defining the requirements for IS maintenance measures.

Studying and classifying IS threats involves the following steps:

* Selecting the AS elements for which the analysis will be performed;

* Developing a risk assessment methodology;

* Analysing the threats and identifying weaknesses in the protection;

* Assessing the risks.

Based on the work performed, a document is produced containing:

* Lists of IS threats, risk assessments and recommendations for reducing the probability of their occurrence;

* The protective measures necessary to neutralize the threats;

* A cost/effectiveness analysis, from which conclusions are drawn about acceptable levels of residual risk and the expediency of applying specific protection variants.

Definition of requirements for protection measures and selection of the main decisions for maintaining the IS regime

Definition of requirements for protection measures involves the following steps:

* Formulating the IS requirements that follow from the analysis of the AS functions and tasks, taking into account the risk analysis performed. The IS requirements are formulated in terms of security functions and mechanisms;

* Selecting a protection profile (the security class of the AS).

Selection of the main decisions for maintaining the IS regime. The set of measures is structured by level:

* Administrative (ensuring the development and execution of the IS programme);

* Organizational (organizing the work of personnel and regulating their actions);

* Software and technical (technical implementation of the security mechanisms).

Maintaining the uninterrupted operation of the organization

To maintain uninterrupted operation, the procedures for responding to emergencies should be described, and the transition to an emergency mode of operation and the conditions for putting the plan into effect should be set out. The positions of the employees responsible for carrying out each item of the plan should be specified.

Documenting the information security policy

The information security policy is contained in the following documents:

* The concept of the information security policy;

* The risk analysis;

* The requirements for protection measures and the selection of the main decisions for maintaining the IS regime;

* The duty regulations for the personnel and users of the AS (developed at the "Working documentation" stage, as part of the working documentation on maintaining the IS regime);

* The plan for maintaining the uninterrupted operation of the organization.

© 2004-2007 Daita.org