Information Technology Reference
In-Depth Information
information and telecommunication systems can be realized exactly in the creation of a
complex system of protection of information.
According to the legislation of Ukraine, the complex system of protection of
information is understood as a set of organizational, engineering and technical actions,
including means and methods, technical and cryptographic protection of information,
which has as an objective the maintenance of a necessary level of integrity, accessibility
and confidentiality of information resources.
The creation of complex systems of protection is carried out in four stages:
x At the initial stage, classification and description of resources of information and
a telecommunication system, the development of an information model for it, the
determination of the list of threats including information leakage, the expert
estimation of expected losses in case of realization of threats, the analysis of risks,
a search for weak points, the testing for penetration and estimation of threats, are
all carried out
x At the second stage, the policy of security is worked out and the principles of
estimation of efficiency of the means and actions of protection suggested in it are
determined. At the same time the data collected at the initial stage, which
concerns the users, the available network devices and the arrangement of critical
information resources, etc., are taken into account
x At the third stage, the functional structure of security and the requirements for
parameters of security of information are perfected; work concerning installation,
integration and testing of protection means, the fulfilment of technologies of
processing of information, users' training for the requirements of policy of
security and exploitation regulations of the established protective means, are
carried out
x At the fourth stage, the efficiency of performed actions and their conformity to
the regulations of the developed policy of security is estimated. In the case of
occurrence of any incidents connected to its violation, the plan of reaction to them
and, as consequence, a certain change of some regulations of policy of security, is
realized
Then State expert appraisal of the created complex system of protection of information
in conformity with the requirements of national standards in the field of protection of
information can be carried out. In case of the experts' positive conclusion, a certificate of
conformity is granted.
I hope that all the above allows us to gain an idea about the rather large volume and
complexity of work which needs to be fulfilled for the realization of the uniform
methodology of protection of State information resources in all information and
telecommunication systems of the country.
With the purpose of maintaining the realization of a uniform State policy in the field of
cryptographic and technical protection of information, the protection of State information
resources in information and telecommunication systems, and a high degree of quality of
work in the creation of these complex systems of protection of information, the
Department for special telecommunication systems and information security of the
security service of Ukraine has been created and determined as a State body in the given
sphere, according to the corresponding Decrees of the President of Ukraine.
It means that all the decisions of the Department in the given sphere are obligatory for
the performance by all bodies of the government and subjects of enterprise activities.
Search WWH ::
Custom Search