Architecture of the Information Security Incident Management System at Oil and Gas Enterprises

Objective. Currently, enterprises are widely implementing information security incident management systems, which are designed to solve such problems as timely identification of the fact of an incident, analysis and research of cause-and-effect relationships that lead to an increase in the likelihood of violations, modification or creation of new regulatory documents describing organizational activities, implementation of technical and software tools that provide preventive protection measures. An enterprise in the oil and gas sector that has been attacked by attackers may face various problems, among which the complete or partial shutdown of production and the failure of expensive equipment are especially significant for the production process. In addition, the relevance of information security incident management processes for enterprises in the oil and gas sector is due to the fact that the implementation of threats can lead not only to financial losses, but also to serious environmental damage.
Method. The developed architecture of the information security incident management system is based on the use of the Shewhart-Deming cycle.
Result. A model of the architecture of an information security incident management system has been obtained, which can be used at enterprises in the oil and gas sector for effective and timely tracking and analysis of emerging incidents, planning measures to eliminate the consequences of incidents, and preventing their reoccurrence.
Conclusion. The proposed architecture of the information security incident management system allows us to take into account the characteristics of oil and gas sector enterprises associated with the impact of information security on the production process due to the high automation of the production process and high man-made risks.

1. GOST R ISO/IEC 27001-2006. Information technology. Methods and means of ensuring security. Information security management systems. Requirements. Enter. 02/01/2008. M.: Standartinform, 2008; 31(In Russ)..

2. GOST R ISO/IEC TO 18044-2007. Information technology. Methods and means of ensuring security. Information security incident management. Enter. 02/01/2008. M.: Standartinform, 2009;50. (In Russ).

3. GOST R 53114-2008. Data protection. Ensuring information security in the organization. Basic terms and definitions. – Enter. 12/18/2008. – M.: Standartinform, 2018;20. (In Russ).

4. GOST R 59709-2022. Data protection. Computer incident management. Terms and Definitions. – Enter. 11/29/2022. – M.: Russian Institute of Standardization, 2022; 20. (In Russ).

5. Garbuzov G. Conducting investigations of information security incidents: organizational and legal aspects Information security: [site]. URL: https://lib.itsec.ru/articles2/control/provedenie-rassledovaniy-incidentovib (access date: 09/02/2023). (In Russ).

6. Pisarenko I. Identification of information security incidents // Information security: [site]. URL: http://lib.itsec.ru/articles2/control/vyyavlenie-incidentov-informacionnoy-bezopasnosti (access date: 09/02/2023). (In Russ).

7. Semishkur, A.R. Formation of a system of requirements for ensuring information security at critical information infrastructure facilities in cooperation between the Russian Federation and the People’s Republic of China using the example of the “Power of Siberia” gas pipeline / A.R. Semishkur, I.I. Livshits. Herald Daghestan State Technical University. Technical Sciences. 2023;50(2):142-152. –DOI 10.21822/2073-6185-2023-50-2-142-152. – EDN TUUTVD. (In Russ).

8. Artamonov, G.M. Problems of risk management in the field of information security / G.M. Artamonov, V.V. Maslov, S.A. Reznichenko. Herald of the Dagestan State Technical University. Technical Sciences. 2023; 50(2): 25-34. – DOI 10.21822/2073-6185-2023-50-2-25-34. – EDN WFXCEJ. (In Russ).

9. Repin V.V., Eliferov V.G. Process approach to management. Business process modeling. - M.: RIA "Standards and Quality", 2008; 408 — ISBN 978-5-94938-063-5(In Russ).