METHODOLOGY FOR DEVELOPMENT INFORMATION SECURITY MANAGEMENT SYSTEMS
DOI:
https://doi.org/10.18372/2410-7840.23.16766
Keywords:
information security management system, development methodology, information security management system quality, architecture functional suitability, system approach, model-based systems engineering, systems modeling language
Abstract
The construction of information security management systems as a proactive measure for preserving the confidentiality, integrity, and availability of information is investigated. It is shown that a precondition for implementing such systems in organizations is the definition of external and internal conditions. Primarily, this concerns establishing the boundaries within which an information security management system is constructed and its interactions with other systems and/or organizations. In addition, external and internal stakeholders, their needs, expectations, and constraints are identified. This confirms the relevance and necessity of developing a methodology for developing information security management systems. An analysis of recent studies and publications established their characteristic limitations. These limitations have been overcome by considering the technical processes of the information security management system lifecycle. The development of information security management systems is therefore reduced to requirements analysis, function analysis, and architecture synthesis. It is proposed to establish the compliance of the architecture with the needs, expectations, and constraints of stakeholders by synthesizing behavior. Given this, it is proposed to evaluate the quality of the synthesized architecture by its functional suitability. This choice is primarily due to its compliance with the ISO/IEC 27k series of international standards and, as a result, the ability to assess the degree to which stakeholders' needs, expectations, and restrictions are satisfied by implementing information security management system functions on a synthesized version of the architecture in organizations. The formulated tasks are performed using a developed model-oriented system approach.
The developed methodology for developing information security management systems is therefore implemented in five stages: requirements analysis, function analysis, architecture synthesis, behavior synthesis, and evaluation of the functional suitability of the synthesized architecture. This will ensure that stakeholders' needs, expectations, and restrictions regarding the confidentiality, integrity, and availability of information in organizations are met. In addition, it will be possible to synthesize alternative architecture options and choose the best among them when designing information security management systems.
License
The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal:
- retain the copyright to their publications;
- grant the journal the right of first publication of the article;
- agree to the distribution of their materials under the CC BY 4.0 license;
- have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.