The Modeling of Processes of Design of Information Protection Systems in Financial Information Systems

Cover Page

Cite item

Full Text

Open Access Open Access
Restricted Access Access granted
Restricted Access Subscription Access

Abstract

The relevance and necessity of implementing measures to protect information in banks, as well as in other organizations of the financial and credit sphere of activity is due to a number of reasons. Firstly, these are the requirements of regulators in the field of information security. For systems of this type, there are also requirements for information security measures, which are set out in GOST R 57580.1–2017. Secondly, it is the objective presence of threats of various nature that require mandatory neutralization and exist in many modern information systems. In order to ensure information security, the security mechanisms used in the banking sector should take into account such factors as a significant amount of processed information, the need to ensure correct, stable and trouble-free operation, the multi-user nature of access to information resources, and ensuring the security of managed equipment. It is particularly worth highlighting the fact that failures and errors in the operation of banking information systems can entail not only economic damage or negative social consequences. In general, ensuring the information security of banking facilities is one of the most important tasks currently being solved at the state level, since they directly affect the stability of its economy. These circumstances determine the relevance of writing the article. The purpose of writing this paper is to develop a set of models describing the features of organizational, legal and technical processes that must be performed in banking information systems. As a methodological basis for writing the work, GOST R 57580.1–2017, as well as regulatory legal acts of the FSTEC of Russia, which are in the public domain, were used. To describe the ongoing work that must be performed to ensure the protection of information in banking information systems, the methodology of functional graphical modeling IDEF0 was used. The result of the research presented in this paper is a set of graphical and symbolic models describing the processes performed at the stages of designing and functioning of the information security system in critical information infrastructures.

About the authors

Yaroslav E. Prokushev

Plekhanov Russian University of Economics

Author for correspondence.
Email: prokye@list.ru
ORCID iD: 0000-0002-7219-7581

Cand. Sci. (Econ.), Associate Professor; associate professor at the Department of Applied Informatics and Information Security

Russian Federation, Moscow

Sergei V. Ponomarenko

Belgorod University of Cooperation, Economics and Law

Email: kaf-otzi-spec@bukep.ru

Cand. Sci. (Econ.), Associate Professor; Professor at the Department of Information Security Organization and Technology

Russian Federation, Belgorod

Riyan R. Maksimov

Belgorod University of Cooperation, Economics and Law

Email: maksimov.riyan@mail.ru

postgraduate student at the Department of Information Security

Russian Federation, Belgorod

References

  1. Ponomarenko S.V., Prokushev Ya.Е., Ponomarenko S.A. Information security of critical information infrastructure systems. Monography. Belgorod: BUKEP, 2021. 133 p.
  2. Prokushev Ya.Е., Ponomarenko S.V., Ponomarenko S.A. The modeling of information security system design processes in state information systems. Computational Nanotechnology. 2021. Vol. 8. No. 1. Pp. 26–37. (In Rus.)
  3. Prokushev Ya.E., Ponomarenko S.V. Comparative analysis of software and hardware protection of information used in information systems of personal data. Information and Security. 2012. Vol. 15. No. 1. Pp. 31–36. (In Rus.)
  4. Prokushev Ya.Е., Ponomarenko S.V., Shishov N.V. The modeling of processes of design of information protection systems in critical information infrastructures. Computational Nanotechnology. 2022. Vol. 9. No. 2. Pp. 45–55. (In Rus.)
  5. Prokusheva A.P., Prokushev Ya.E. Modeling and optimization of the choice of software and hardware protection of information from the point of view of economic and technical expediency. Information and Security. 2012. Vol. 15. No. 1. Pp. 55–60. (In Rus.)
  6. Mattord H., Whitman M. Management of information security. 6th ed. Cengage Learning, 2019. 752 p.
  7. Rohit Tanwar. Information security and optimization. CRC Press, 2021. 224 p.
  8. Whitman M.E. et al. PRSCIiples of information security. 6th ed. Cengage Learning, 2017. 656 p.

Supplementary files

Supplementary Files
Action
1. JATS XML
Download
2. Fig-1. The choice of information protection measures in financial organizations

Download (354KB)
Indexing metadata
3. Fig. 2. Detailing the process of applying the information security system

Download (296KB)
Indexing metadata
4. Fig. 3. The Ensuring of the protection of information during access control

Download (333KB)
Indexing metadata
5. Fig. 4. Ensuring the protection of the computer network

Download (319KB)
Indexing metadata
6. Fig. 5. То ensure the control of the integrity of the information infrastructure

Download (290KB)
Indexing metadata
7. Fig. 6. То provide the layered protection against the viruses and malware

Download (307KB)
Indexing metadata
8. Fig. 7. Modeling the process of preventing information leakage

Download (277KB)
Indexing metadata
9. Fig. 8. The model of control of permitted information exchange channels

Download (362KB)
Indexing metadata
10. Fig. 9. The simulation of the process of ensuring the protection of virtualization systems

Download (287KB)
Indexing metadata
11. Fig. 10. Providing protection when using mobile devices

Download (206KB)
Indexing metadata
12. Fig. 11. Detailed process of ensuring accounting and secure storage of events

Download (236KB)
Indexing metadata


This website uses cookies

You consent to our cookies if you continue to use our website.

About Cookies