Algorithmization for calculating the security assessment of AIS operating systems of internal affairs bodies, developed on the basis of an analysis of security requirements GOST R ISO/IEC 15408 and possible threats

Objective. The article provides a generalized algorithmization of the processes necessary for developing software for assessing the security of operating systems of automated information systems of internal affairs bodies of the Russian Federation.

Method. The research was carried out based on the method of analyzing possible threats to the security of operating systems, as well as the requirements of the GOST R ISO/IEC 15408 standard.

Result. The result of the automated system for calculating the security indicator of the analyzed OS is one of the specified criteria for indicators of the degree of security of the OS. By comparing the obtained indicator, the corresponding result is output.

Conclusion. The authors provide a generalized algorithmization of the processes necessary for developing software for assessing the security of the AIS OS of the Russian Federation ATS.

1. Bank dannykh ugroz bezopasnosti informatsii – [Elektronnyi resurs] – Rezhim dostupa. – URL: https://bdu. fstec.ru/ (Data obrashcheniya: 27.07.2022).

2. Методы и средства анализа и оценки защищенности автоматизированных систем специального назначения на основе требований к безопасности по ГОСТ Р ИСО/МЭК 15408-2-2013: монография / И.Г. Дровникова, Е.А. Рогозин [и др.]. – Воронеж: ВУНЦ ВВС «ВВА», 2020. – 96 с.

3. GOST R ISO/MEK 15408-3-2002. Informatsionnaya tekhnologiya. Metody i sredstva obespecheniya bezopasnosti. Kriterii otsenki bezopasnosti informatsionnykh tekhnologii. Chast’ 3. Trebovaniya doveriya k bezopasnosti [Elektronnyi resurs] – Rezhim dostupa. – URL: https://docs.cntd.ru/document/1200101777 (Data obrashcheniya: 27.07.2022).

4. A.I. Miftakhova, E.I. Yangirov, E.I. Karaseva, A.I. Yangirov, E.Yu. Nikulinа, I.G. Drovnikova. Development of a software and hardware solution to identify trends in demand for goods. Herald of the Daghestan State Technical University. Technical Science. 2023; 50(1):114-122.

5. Methodology for assessing threats to information security: Methodological document of the FSTEC of Russia dated 02/05/2021 // Information and legal portal of the ConsultantPlus system. – Access mode: http://base. consultant.ru (date of access: 10/27/2022).FSTEC of the Russian Federation. Guidance document. Protection against unauthorized access to information. Terms and definitions. (In Russ)

6. Data bank of information security threats: [Electronic resource]. FSTEC of Russia. URL: https://bdu.fstec.ru/. (Date of access: 27.10.2022). (In Russ)

7. FSTEC RF. Management document. Protection against unauthorized access to information. Terms and Definitions.