REQUIREMENTS ANALYSIS METHOD OF INFORMATION SECURITY MANAGEMENT SYSTEMS

Author:

Tsurkan Vasyl¹

Affiliation:

1. Pukhov Institute for Modelling in Energy Engineering of National Academy of Sciences of Ukraine

Abstract

The process of analyzing the requirements for information security management systems is considered. The obligation to comply with the requirements of the international standard ISO/IEC 27001 is shown. Compliance gives stakeholders confidence that information security risks are properly managed at an acceptable level. This depends on the internal and external circumstances that influence an organization's goal and the achievement of its expected results. The identification of stakeholders, and of their needs and expectations from the development of information security management systems, is also considered. It is established that the main focus is currently on taking into account the requirements for the process of developing these systems or for ensuring information security in organizations. The transformation of stakeholders' needs, expectations and related constraints into an appropriate system solution has been overlooked. These limitations are overcome by the proposed method of analyzing the requirements for information security management systems. Based on the needs, expectations and related constraints of stakeholders, the method makes it possible to identify the relevant statements in established syntactic forms. Each statement needs to be checked for correctness of formulation and for compliance with the characteristics of both an individual requirement and a set of requirements. The graphical notation SysML is applied to systematize the requirements and to establish the relations among them. Accordingly, a requirement is treated as a stereotype of a class with properties and constraints, and SysML relationships are used to link requirements to one another. Their combination is represented by a diagram in the SysML graphical notation and, as a result, makes it possible to specify the requirements for information security management systems. As a prospect for further research, it is planned to develop its logical structure on the basis of the proposed method.

Publisher

Borys Grinchenko Kyiv University

Subject

General Medicine

