CASPIAN JOURNAL

MANAGEMENT AND HIGH TECHNOLOGIES

“1С” Firm partner's information system upgrade to increase organization's information security level

Romanova Oksana M., Chestnov Aleksey A. “1С” Firm partner's information system upgrade to increase organization's information security level // Caspian journal : management and high technologies. — 2018. — №1. — pp. 173-184.

Romanova Oksana M. - Post-graduate student, Assistant, Astrakhan State University, 20a Tatishchev St., Astrakhan, 414056, Russian Federation, chobitoksana@mail.ru

Chestnov Aleksey A. - Student, Astrakhan State University, 20a Tatishchev St., Astrakhan, 414056, Russian Federation, hydroman7eve@mail.ru

The article shows the relevance of upgrading the information system of a “1C” firm partner to increase the organization's information security level. The authors substantiate the need to choose a method that allows evaluating the compliance of the composition and structure of the “1C” firm partner's information system with information security requirements. The paper outlines existing approaches to evaluating the composition and structure of the “1C” firm partner's information security, including the CRAMM, FRAP and OCTAVE methods, and points out their main advantages and disadvantages. The paper then presents a method for evaluating the information security of an information system that is free of these disadvantages. This method is part of a general IS quality assessment methodology called “Revizor”. The authors describe the main strategies of this method. Since the method requires adaptation to the specific characteristics of an organization's IS, the authors dwell on the characteristics of the organization under consideration. To adapt the method, the authors analyze the IS data flow diagram titled “Handling of the customers’ orders”, which exemplifies the organization’s activity in implementing a new project and shows the interrelations of information flows. They organized an expert commission to adjust the method for the organization under consideration and to make it compatible with the recommendations given in the FSTEK draft method on defining security threats to information systems. This commission solves the following tasks: defining the object composition of the fuzzy cognitive models; building a knowledge base that uses fuzzy production rules to describe the influence of damaged elements of the information system on the performance of information security services; and forming the input data for the “Revizor” method.
In particular, the expert commission defined the information security facilities variety, the information system threats variety, the information system vulnerabilities variety, and the attacks and damage variety. The experts then evaluated the information system's composition, structure and level of information security. They assessed the current information security level as “High”, the event-forecasting level as “Middle”, the level of confidentiality service provision as “Middle” (commonality index for fuzzy numbers is 1.0), the level of integrity service provision as “Middle” (commonality index is 0.9), and the level of fidelity service provision as “Middle” (commonality index is 0.8). The assessment serves as a basis for developing and implementing recommendations on modernizing the composition and structure of the information system. These recommendations resulted in the following decisions: software for a protected internal local chat, an SFTP server with a secured connection, and a dedicated mailbox server.

Key words: information system, information security, evaluation methods, 1C, partner firm, risk structure, risk assessments, concept variety, linguistic variable, fuzzy cognitive modeling, “Revizor” method, information system upgrade, информа