The paper describes the procedure for determining information security measures in accordance with GOST R 57580.1 and subsequent compliance assessment in accordance with GOST R 57580.2 within the framework of fulfilling the requirements of the Bank of Russia. The paper presents the main problems of compliance systems in terms of determining security contours, determining unambiguous compliance with the requirements for basic measures and their applicability in the infrastructure, as well as in terms of the audit being conducted. The paper considers the tasks that arise at the stage of forming an approach to meeting the requirements and that make the assessment procedure more streamlined and understandable for specialists. It briefly considers a tool that allows automating certain stages of the process of selecting measures and calculating the compliance assessment. The task to form optimization criteria for selecting security measures while increasing the compliance assessment has been set. The paper provides detailed descriptions of the selected optimization criteria, such as: speed of achieving the result, cost of changes, selection of planned changes, human resources assessment and the possibility of making changes to the infrastructure. The applicability of the criteria is analyzed in terms of the restrictions imposed or additional requirements when using them, as well as the possibility of an objective assessment of the criteria and their further selection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

On the General Approach and Criteria for Optimizing the Selection of Protective Measures in Preparation for the Procedure for Assessing Compliance with Information Security Requirements for Financial Organizations

  • Anastasia Iakovleva,
  • Marina Zhukova

摘要

The paper describes the procedure for determining information security measures in accordance with GOST R 57580.1 and subsequent compliance assessment in accordance with GOST R 57580.2 within the framework of fulfilling the requirements of the Bank of Russia. The paper presents the main problems of compliance systems in terms of determining security contours, determining unambiguous compliance with the requirements for basic measures and their applicability in the infrastructure, as well as in terms of the audit being conducted. The paper considers the tasks that arise at the stage of forming an approach to meeting the requirements and that make the assessment procedure more streamlined and understandable for specialists. It briefly considers a tool that allows automating certain stages of the process of selecting measures and calculating the compliance assessment. The task to form optimization criteria for selecting security measures while increasing the compliance assessment has been set. The paper provides detailed descriptions of the selected optimization criteria, such as: speed of achieving the result, cost of changes, selection of planned changes, human resources assessment and the possibility of making changes to the infrastructure. The applicability of the criteria is analyzed in terms of the restrictions imposed or additional requirements when using them, as well as the possibility of an objective assessment of the criteria and their further selection.