Ensuring Information Security of Information Systems to be Integrated Based on Trust

Abstract

Relevance. Information systems are integrated with each other, which leads to the need to ensure the protection of the integrated system. The level of trust requires formalizing the concept of trust and studying its nature and structure.

The purpose of the article is to remove the contradiction between the need to provide access to the resources of the resulting integrated system and the need to ensure compliance with the information security requirements of each of the integrated systems, by formulating the concept of trust from the information security perspective.

Methods used: systems analysis, risk management theory, resolutions, iSoft operator equation synthesis method.

Results. The main shortcomings of existing approaches to the formalization of the concept of "trust" are identified. Based on the FIST information system model, a functional trust structure has been developed and formalized in IDEF0 notation for all levels of integrated information systems: supporting level, personnel level, hardware and software levels. Examples of violation of trust and examples of tools for creating trust are given for each level of the information system. The adequacy of the model is illustrated by the example of a real integration of information systems. Applying the proposed trust model to that example made it possible to identify features that increase information security risks for the integrated information system.

Novelty. An interpretation of trust as a measure of information security is proposed, in contrast to "risk" as a measure of danger. A tool for quantitative assessment of trust is proposed. A necessary and sufficient condition for creating maximum trust in an information system is formulated and proven by the resolution method.

Practical significance. The proposed trust model can be used in the development of guidance documents regulating the process of integration of information systems, in setting requirements for service personnel and creating training programs for them, and in developing information security tools and methods for their application.

About the authors

V. V. Gryzunov

Saint Petersburg University of State Fire Service of Emercom of Russia

Email: viv1313r@mail.ru
ORCID iD: 0000-0003-4866-217X
SPIN-code: 9750-4417

A. S. Krjukov

Russian State University of Justice

Email: steelrat76@mail.ru
ORCID iD: 0000-0002-4633-8635

A. V. Shestakov

Saint Petersburg University of State Fire Service of Emercom of Russia

Email: alexander.shestakov@yandex.ru
ORCID iD: 0000-0002-8462-6515
SPIN-code: 5831-5451

I. A. Zikratov

The Bonch-Bruevich Saint Petersburg State University of Telecommunications

Email: zikratov.ia@sut.ru
ORCID iD: 0000-0001-9054-800X
SPIN-code: 8991-5212

This work is licensed under a Creative Commons Attribution 4.0 International License.