Questions for improving normative legal regulation for the establishment of complex systems for protection of information in information systems and application of the NATO country experience

DOI: 10.31673/2409-7292.2018.030610

Authors

  • В. В. Ліпінський (Lipinskyi V. V.), State University of Telecommunications, Kyiv
  • О. І. Братков (Bratkov O. I.), Research Institute "Institute of Cybersecurity", Kyiv

Abstract

The article considers the need to improve the regulatory and legal framework for the creation and implementation of integrated information security systems in information systems, drawing on the provisions of NATO standards. The emphasis is on the processes of creating, implementing and further supporting information security systems, and on locating standardized requirements that match the needs of each individual situation. It is proposed to develop and adopt new normative legal acts, or to amend existing ones, in the field of technical protection of information, in particular by implementing certain provisions of NATO standards that concern the interconnection of operational networks in their various combinations. The article considers the need to establish a system of interaction between different communication networks that could be used by all state structures that protect national interests and use information systems. Emphasis is placed on the need to create a central industry standard document, agreed in advance with certain existing regulatory documents in the field of technical protection of information, which would contain references to the other documents to be applied when constructing an information security system. It is also proposed to use additional definitions of functional security profiles when developing sectoral regulations. This approach would unify the processes of creating, implementing and further supporting security systems, and make it possible to quickly find standardized requirements matching the needs of each individual situation.

Keywords: NATO Standards, Integrated Information Security Systems, Information Security, Information Systems, Central Industry Standard.


Published

2019-02-12

Section

Articles