COMPUTER SCIENCE, COMPUTER ENGINEERING AND MANAGEMENT
METHODICAL APPROACH TO EVALUATING THE PROBABILISTIC TIME PERFORMANCE INDICATOR OF AUTOMATED ADMINISTRATOR OPERATIONS IN INFORMATION PROTECTION SYSTEMS
https://doi.org/10.21822/2073-6185-2019-46-3-87-96
Abstract
Objectives. At present, in accordance with the requirements of the guiding documents of the Federal Service for Technical and Export Control (FSTEC) of Russia, as well as international standards for the development and operation of protected automated systems, it is necessary to evaluate the effectiveness (general utility) of information protection systems. The article is devoted to the development of a method for assessing the ergotechnical characteristics of software information security systems for use in the assessment of the general utility of such systems. The aim of the work is to develop a methodology for assessing the probabilistic indicator of the timeliness of typical operations for the administration of information security systems.
Method. To achieve this goal, user groups were created to perform typical administrative operations within the information protection system. The operation time for each group, recorded using the IOGraphV1.0.1 tool, was used to calculate the probabilities of timely execution of typical operations by the administrator according to a truncated normal distribution formula.
Results. An assessment of a probabilistic indicator was carried out in order to evaluate the timeliness of operations performed by the administrator of the information protection system.
Conclusion. The results can be used in a comprehensive assessment of the effectiveness (reliability) of the automated functioning of information security software systems when modelling and analysing the security of special-purpose informatisation facilities.
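The calculation outlined in the Method paragraph can be sketched as follows. This is an added example, not code or a formula from the article: it assumes the operation time is a normal distribution truncated to [0, ∞), fits its parameters from the sample mean and standard deviation, and uses constructed timings, group names and a constructed 60-second permitted time.

```python
from statistics import NormalDist, mean, stdev

# Constructed sample: seconds taken by each user group to complete one
# typical administrative operation (hypothetical group names and values).
SAMPLE_TIMES = {
    "group_A": [41.0, 47.5, 52.0, 44.5, 49.0, 55.5],
    "group_B": [58.0, 66.5, 71.0, 62.5, 75.0, 69.0],
}


def truncated_normal_cdf(t, mu, sigma, lower=0.0, upper=float("inf")):
    """P(T <= t) for a normal(mu, sigma) restricted to [lower, upper].

    The default truncation at zero is an assumption: a duration cannot be
    negative, so the mass below zero is removed and the rest renormalised.
    """
    if sigma <= 0:
        raise ValueError("sigma must be positive")
    if not lower < upper:
        raise ValueError("lower bound must be below upper bound")
    base = NormalDist(mu, sigma)
    lo = base.cdf(lower)
    hi = 1.0 if upper == float("inf") else base.cdf(upper)
    mass = hi - lo
    if mass <= 0.0:
        raise ValueError("no probability mass inside the truncation interval")
    if t <= lower:
        return 0.0
    if t >= upper:
        return 1.0
    return (base.cdf(t) - lo) / mass


def timeliness_by_group(samples, permitted_time):
    """Probability that each group finishes within permitted_time seconds."""
    result = {}
    for group, times in samples.items():
        if len(times) < 2:
            raise ValueError(f"{group}: need at least two timings")
        # Sample moments stand in for the parameters of the parent normal;
        # this is accurate when almost no mass lies below zero.
        result[group] = truncated_normal_cdf(
            permitted_time, mean(times), stdev(times)
        )
    return result


if __name__ == "__main__":
    for group, p in timeliness_by_group(SAMPLE_TIMES, 60.0).items():
        print(f"{group}: P(T <= 60 s) = {p:.3f}")
```
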
About the Author
A. M. Kadnova
Russian Federation
Adjunct, Department of automated information systems of law enforcement bodies
53 Patriotov Str., Voronezh 394065
For citations:
Kadnova A.M. COMPUTER SCIENCE, COMPUTER ENGINEERING AND MANAGEMENT METHODICAL APPROACH TO EVALUATING THE PROBABILISTIC TIME PERFORMANCE INDICATOR OF AUTOMATED ADMINISTRATOR OPERATIONS IN INFORMATION PROTECTION SYSTEMS. Herald of Dagestan State Technical University. Technical Sciences. 2019;46(3):87-96. (In Russ.) https://doi.org/10.21822/2073-6185-2019-46-3-87-96