On the issue of analysis of legal documents on information security of automated systems of internal affairs bodies of the Russian Federation to assess the level of their security
https://doi.org/10.21822/2073-6185-2022-49-4-97-103
Abstract
Objective. In solving the scientific problem of assessing the security of automated systems of internal affairs bodies, and in particular in developing a methodology for quantifying protected automated systems of internal affairs bodies, the first stage is an analysis of international, Russian, and departmental legal documents on the information security (IS) of automated systems of internal affairs bodies of the Russian Federation (AS ATS of the Russian Federation). Based on the results of this analysis, a methodology for quantifying the level of security of the AS ATS of the Russian Federation must be developed.
Method. In the course of the work, international, Russian, and departmental legal documents on the information security of the AS ATS of the Russian Federation were analyzed.
Result. An exhaustive list of literature has been obtained, including international, Russian, and departmental legal documents on the information security of the AS ATS of the Russian Federation.
Conclusion. The analysis of international, Russian, and departmental legal documents on the information security of the AS ATS of the Russian Federation showed that the documents on protecting the information of these systems, as well as the methodology for quantifying their level of security, have been developed insufficiently. In particular, they lack a system of indicators, as well as mathematical models and algorithms for assessing the level of security of the AS ATS of the Russian Federation, which requires significant improvement of these documents.
About the Authors
E. A. Rogozin
Russian Federation
Evgeny A. Rogozin, Dr. Sci. (Eng.), Prof., Prof., Department of Automated Information Systems of Internal Affairs Bodies
53 Patriotov Str., Voronezh 394065
I. G. Drovnikova
Russian Federation
Irina G. Drovnikova, Dr. Sci. (Eng.), Prof., Assoc. Prof., Department of Automated Information Systems of Internal Affairs Bodies
53 Patriotov Str., Voronezh 394065
A. O. Yefimov
Russian Federation
Aleksey O. Yefimov, full-time adjunct
53 Patriotov Str., Voronezh 394065
V. R. Romanova
Russian Federation
Victoria R. Romanova, adjunct of full-time education
53 Patriotov Str., Voronezh 394065
References
1. GOST R 54581-2011 / ISO/IEC TR 15443-1:2005. Information technology. Methods and means of ensuring security. Fundamentals of trust in IT security. Part 1. Overview and basics. 2012; 27.
2. GOST R 54582-2011 / ISO/IEC TR 15443-2:2005. Information technology. Methods and means of ensuring security. Fundamentals of trust in information technology security. Part 2. Methods of trust. 2019; 52.
3. GOST R 54583-2011 / ISO/IEC TR 15443-3:2007. Information technology. Methods and means of ensuring security. Fundamentals of trust in information technology security. Part 3. Analysis of trust methods. 2011; 54.
4. GOST R 56045-2014 / ISO/IEC TR 27008:2011. Information technology. Methods and means of ensuring security. Recommendations for auditors regarding measures and means of control and management of information security. 2014; 44.
5. GOST R ISO/IEC 13335-1-2006. Information technology. Methods and means of ensuring security. Part 1. The concept and models of information and telecommunication technology security management. 2006; 23.
6. GOST R ISO 7498-1-99. Information technology. The relationship of open systems. The basic reference model. Part 1. Basic model. 2006; 62.
7. GOST R ISO 7498-2-99. Information technology. The relationship of open systems. The basic reference model. Part 2. Information security architecture. 1999. 39 p.
8. GOST R ISO/IEC TO 13335-5-2006. Information technology. Methods and means of ensuring security. Part 5. Network Security Management Guide. 2006. 33 p.
9. GOST R ISO/IEC 15408-1-2012. Information technology. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 1. Introduction and general model. 2012. 56 p.
10. GOST R 50739-95. Computer equipment. Protection against unauthorized access to information. General technical requirements. 2006. 10 p.
11. GOST R 50922-2006. Information protection. Basic terms and definitions. Moscow: Federal Agency for Technical Regulation and Metrology. 2006. 12 p.
12. GOST R 51188-98. Information protection. Testing of software for the presence of computer viruses. Model manual. 1998. 8 p.
13. GOST R 51275-2006. Information protection. The object of informatization. Factors affecting information. General provisions. 2006. 11 p.
14. GOST R 51583-2014. Information protection. The procedure for creating automated systems in a protected version. General provisions. 2014. 18 p.
15. GOST R 52069.0-2013. Information protection. The system of standards. The main provisions. 2013. 15 p.
16. GOST R 52447-2005. Information protection. Information security techniques. The nomenclature of quality indicators. 2005. 27 p.
17. GOST R 52448-2005. Information protection. Ensuring the security of telecommunication networks. General provisions. 2005. 19 p.
18. GOST R 52633.0-2006. Information protection. Information security techniques. Requirements for highly reliable biometric authentication tools. 2006. 24 p.
19. The Law of the Russian Federation of July 21, 1993 N 5485-1 "On state secrets".
20. Federal Law No. 184-FZ of December 27, 2002 "On Technical Regulation".
21. Federal Law No. 126-FZ of July 07, 2003 "On Communications".
22. Federal Law No. 98-FZ of July 29, 2004 "On Trade Secrets".
23. Federal Law No. 160-FZ of December 19, 2005 "On Ratification of the Council of Europe Convention on the Protection of Individuals with Automated Processing of Personal Data".
24. Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection".
25. Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
26. Federal Law No. 390-FZ of December 28, 2010 "On Security".
27. Federal Law No. 63-FZ of April 06, 2011 "On Electronic Signature".
28. Application of the method of topological transformation of stochastic networks for evaluating the effectiveness of protective equipment / V. V. Baranov, A.M. Kribel, O. S. Lauta, A. P. Nechepurenko. Actual problems of information security : Proceedings of the Interuniversity Scientific and Practical Conference, Samara, May 20-24, 2017; Samara: Insoma-Press, 2017; 47-52. – EDN ZAMPAR.
29. Rogozin, E. A. A method for determining a complex indicator of the security of automated systems / E. A. Rogozin, O. V. Lankin, D. A. Bagaev. Questions of information protection. 2009; 2(85): 8-10.
30. Nedopeka, A. S. Analysis of the security of automated systems for the organization of cargo transportation / A. S. Neopeka, K. I. Bushmeleva. National Association of Scientists. 2015; 10-1(16): 32-35.
31. Avramenko, V. S. A model for quantifying the security of information from unauthorized access in automated systems by a complex indicator / V. S. Avramenko, A.V. Kozlenko. Proceedings of SPIIRAN. 2010; 2(13): 172-181.
32. Yazov, Yu. K. Information risks in the conditions of application of virtualization technology in information and telecommunication systems / Yu. K. Yazov, V. N. Sigitov. Information and security. 2013; 16(3): 403-406.
33. Methods of assessing the security of information in automated systems from unauthorized access / A.V. Nepomnyashchikh, G. V. Kulikov, Yu. V. Sosnin, P. A. Nashchekin. Questions of information protection. 2014;1(104):3-12.
34. Nikitin, A. A. Methodological approach to assessing the security of automated systems of internal affairs bodies based on the requirements of regulatory documentation / A. A. Nikitin, I. G. Drovnikova. Public safety, legality and law and order in the III millennium. 2015;1-3: 131-133. EDN VRBQLD.
35. Soloviev, S. V. Information support of activities on technical protection of information / S. V. Soloviev, Yu. K. Yazov. Issues of cybersecurity. 2021;1(41): 69-79. DOI 10.21681/2311-3456-2021-1-69-79. – EDN AOEUFT.
36. Avsentiev, O. S. Ensuring information protection in the process of creating an information system of an informatization object / O. S. Avsentiev, A. G. Valde, Yu. V. Konkin. Bulletin of the Voronezh Institute of the Ministry of Internal Affairs of Russia. 2021; 3:36-48. EDN FJUSGI.
Review
For citations:
Rogozin E.A., Drovnikova I.G., Yefimov A.O., Romanova V.R. On the issue of analysis of legal documents on information security of automated systems of internal affairs bodies of the Russian Federation to assess the level of their security. Herald of Dagestan State Technical University. Technical Sciences. 2022;49(4):97-103. (In Russ.) https://doi.org/10.21822/2073-6185-2022-49-4-97-103