Affiliation:
1. Saint Petersburg University of State Fire Service of Emercom of Russia
2. Russian State University of Justice
3. The Bonch-Bruevich Saint Petersburg State University of Telecommunications
Abstract
Relevance. Information systems are integrated with each other, which leads to the need to ensure the protection of the integrated system. The level of trust requires formalizing the concept of trust and studying its nature and structure.The purpose of the article is to remove the contradiction between the needs to provide access to the resources of the resulting integrated system and ensure compliance with the information security requirements of each of the integrated systems by formulating the concept of trust from the information security perspective. Methods used: systems analysis, risk management theory, resolutions, iSoft operator equation synthesis method.Results. Main shortcomings of existing approaches to the formalization of the concept of “trust” are identified. Based on the FIST information system model, a functional trust structure has been developed and formalized in IDEF0 notation for all levels of integrated information systems: supporting level, personnel level, hardware and software levels. Examples of violation of trust and examples of tools for creating trust for each level of the information system are given. The adequacy of the model is illustrated by the example of real integration of information systems. Application of the proposed trust model made it possible to identify features that increase information security risks for the integrated information system from the example. Novelty. An interpretation of trust as a measure of information security is proposed, in contrast to “risk” as a measure of danger. A tool for quantitative assessment of trust is proposed. A necessary and sufficient condition for creating maximum trust in an information system is formulated and proven by the resolution method Practical significance. The proposed trust model can be used in the development of guidance documents regulating the process of integration of information systems, in setting requirements for service personnel and creating training programs for them, for developing information security tools and methods for their application.
Publisher
Bonch-Bruevich State University of Telecommunications
Reference33 articles.
1. Chernykh A. The main directions of federal state information systems and classified data. Legal Informatics. 2018;2:47‒56. (in Russ.) EDN:XRPRMT
2. Yan Z., Holtmanns S. Trust Modeling and Management: From Social Trust to Digital Trust. Computer Security, Privacy and Politics: current Issues, Challenges and Solutions. 2008:290‒323. DOI:10.4018/978-1-59904-804-8.ch013
3. Chahal R.K., Kumar N., Batra S. Trust management in social Internet of Things: A taxonomy, open issues, and challenges. Computer Communications. 2020;150:13‒46. DOI:10.1016/j.comcom.2019.10.034
4. Burlov V.G., Gryzunov V.V. Evaluation of the effectiveness of geographic information systems adaptation to destabilizing factors. Journal of Physics: Conference Series. 2020;1703:012016. DOI:10.1088/1742-6596/1703/1/012016
5. Selifanov V.V., Gordeev A.S., Karmanov I.N. Requirements for information sequrity in cross-network interaction of the state information systems with other information systems. Interexpo GEO-Sibiria. 2018;7:277‒282. (in Russ.) EDN:YORFLV