Categorization of objects of critical information infrastructure of higher education institutions

Objective. Currently, the task of ensuring the security of Russia's national information resources is being updated as an important area of state policy in the information sphere. The purpose of the article is to describe a methodology for determining the criticality of processes in the research activities of a higher educational institution in order to solve the issue of assigning it the category of critical information infrastructure and, in accordance with this category, ensuring the requirements for the information security system. Method. The method of expert assessments and BPMN business process modeling are used. Result. An overview of approaches to categorizing objects of critical information infrastructure of scientific activity of higher education institutions is presented. The analysis and comparison of regulatory documents of regulators, their adaptation for the field of science, the main stages of categorization, local regulatory documents allowing categorization in accordance with the requirements of the regulatory framework are determined. To carry out the categorization process of the university, a scheme of categorization stages has been developed, the rules of analysis of the organization's objects for the purpose of identifying criticality with subsequent assignment of a category of significance or rejection of a category have been considered. Conclusion. The scientific activity of a higher education institution is subject to analysis to identify critical processes, inventory of objects with identification of possible consequences as a result of the implementation of security threats, identification of subjects and objects of critical information infrastructure, assessment of the category of significance. To increase the reliability of the results obtained, the rules of procedure of the special commission on categorization, drafts of local documents on the inventory of objects and the formalization of processes have been developed.

1. DDoS protection in 2023: problems, experience, best practices URL: https://blog.cortel.cloud/category/Informaczionnaya-bezopasnost (accessed 02/10/2024) (In Russ)

2. Kozyreva A.A., Tarasov D.A. The current state of state policy in the field of information security. Herfld of the Voronezh Institute of the Ministry of Internal Affairs of Russia. 2018; 4: 243-247. (In Russ)

3. Burkova E.V., Rychkova A.A. Some aspects of categorizing a higher educational institution as a subject of critical information infrastructure. Scientific and Technical Bulletin of the Volga region. 2022; 4:207-209. (In Russ)

4. Golubev D.A., Prokhorova D.I. Categorization of objects of critical information infrastructure in the healthcare sector. In the collection: Topical issues of modern science and education. collection of articles of the VIII International Scientific and Practical Conference. Penza, 2021;129-136. (In Russ)

5. Salkutsan A.A., Gavdan G.P., Poluyanov A.A. Methodology for determining critical processes at information infrastructure facilities. Information technology security. 2020; 27(2):18-34. (In Russ)

6. Voevodin V.A., Chernyaev V.S., Burenok D.S., Vinogradov I.V. Methodology for assessing the security of an automated control system of critical information infrastructure from DDoS attacks based on Monte Carlo simulation. Herfld of the Daghestan State Technical University. Technical Sciences. 2023; 50(1):62-74. (In Russ)

7. Vavichkin A.N., Gorbatov V.S., Durakovsky A.P., Zheng D.A. On the issue of categorization of objects of critical information infrastructure of higher educational institutions. Information technology security. 2019; 26(2): 44-57. (In Russ)

8. Fisun V.V. Methodology for assessing security in an intelligent information security management system for critical information infrastructure facilities/ Information security is an urgent problem of our time. Improvement of educational technologies for training specialists in the field of information security. 2019;2 (11):43-50. (In Russ)

9. Krasnov A.E., Mosolov A.S., Feoktistova N.A. Assessment of the stability of critical information infrastructures to threats to information security. Information technology security. 2021; 28(1):106-120. (In Russ)

10. Smirnov E.V. Methodology for assessing the political significance of threats to the object of critical information infrastructure on the example of an infocommunication object. Economics and quality of communication systems. 2020;2 (16):49-56 (In Russ)

11. Skryl S.V., Itskova A.A., Khasin E.V. On the possibility of improving procedures for quantifying threats of unauthorized access to information of critical information infrastructure facilities. Information Technology Security. 2023;30(4):61-73 (In Russ)

12. Gavdan G.P., Ivanenko V.G., Salkutsan A.A. Ensuring the security of significant objects of critical information infrastructure. Information technology security. 2019; 26(4):69-82. (In Russ)

13. Abramenko G.T., Lancere N.N., Fadeev I.I. Analysis of the features of the subjects of the critical information infrastructure of the Russian Federation operating in the field of science. In the collection: Current problems of infotelecommunications in science and education (APINO 2022). XI International Scientifictechnical and scientific-methodical Conference. St. Petersburg, 2022; 49-54 (In Russ)

14. Methodological recommendations Categorization of objects of critical information infrastructure. STEP LOGIC LLC. URL: https://step.ru/news/?code=2046 (accessed 02/15/2024). (In Russ)

15. Website of Orenburg State University. [electronic resource]. URL: http://www.osu.ru/doc/5419 - 02/15/2024 (accessed 02/02/2024). (In Russ)

16. Kharlanov R.L. The legal foundations of ensuring the security of critical information infrastructure in Russia. Modern science: Actual problems of theory and practice. Series: Economics and Law, 2022; 3-2:98-103 (In Russ)

17. Kotov A.A., Kurinnaya V.S., Shlykov M.S. Algorithm for categorizing objects of critical information infrastructure. REDS: Telecommunication devices and systems. 2018; 8(4):34-37 (In Russ)

18. Sidak A.A., Kornienko A.A., Glukhova V.A. Categorization and assessment of the importance of objects of critical information infrastructure of railway transport. Dual technologies. 2019; 1 (86):88-93. (In Russ)

19. Soldatov A.Yu., Soldatov E.Yu., Skorikov V.S. University as an object of critical information infrastructure. INTER EXPO GEO SIBERIA, 2022; 7( 2): 93-96 (In Russ)

20. Mazepin P.S., Grishin N.A., Bocharov M.V. Approach to categorization of higher educational institutions within the framework of categorization of objects of critical information infrastructure. Innovations. Science. Education. 2021;34:879-883 (In Russ)

21. Zakoldaev D.A., Shved V.G., Kopyrulina O.A. Automation of categorization processes of objects of critical information infrastructure. Information protection. Inside, 2021; 3 (99):37-43 (In Russ)