3 research outputs found
A method for assessing the security of cloud IT components against the criteria of existing standards
The paper analyzes known methods of ensuring information security and considers methods for assessing the security of both individual IT components and cloud services as a whole.
An attempt is made to analyze cloud services not as a commercially successful and popular marketing product, but from the standpoint of systems analysis. The previously introduced procedure for assessing IT components is unstable, because the end user has no 100% guarantee of access to all IT components, let alone to the components of a remote cloud service outside the user's control. A number of reviews note growing efforts to build secure network architectures and to provide continuous monitoring of deviations from established business goals. In contrast to the Zero Trust and Zero Trust eXtended models, under which additional security functions are layered onto existing IT components, it is proposed to treat the set of IT components as a new entity: an information processing system. This makes it possible to move to formal processes for assessing the degree of conformity against the criteria of standards, for both existing and prospective IT components, when securing cloud services.
A new assessment method is proposed, based on a previously developed hybrid methodology and using formal procedures built on two systems of criteria: assessment of the degree of conformity of management systems (based on the ISO/IEC 27001 series) and assessment of functional safety requirements (based on the IEC 61508 series and the ISO/IEC 15408 series). The method yields reproducible and objective security risk assessments for cloud IT components, which can be submitted to an independent group of assessors for verification. The results can be applied to protect critical information infrastructure facilities.
The optimization method of the integrated management system security audit
Nowadays the application of integrated management systems (IMS) attracts the attention of top management in various organizations. However, running security audits in an IMS and carrying out full-scale, comprehensive checks against different ISO standards with substantially reduced available resources remains an important problem.
An analysis of methods for assessing information security risks of financial institutions
The paper presents an analysis of the existing methods for assessing information security risks, their features, advantages and disadvantages, as well as determines the possibility of using such techniques for assessing information security risks in financial institutions. Criteria for comparing information security risk assessment methods have been formed, the advantages and disadvantages of the methods are described. It is shown that, despite the requirements of regulators for assessing information security risks, most of the regulatory documents deal with operational risks. The evaluation of information security risks of credit and financial institutions does not have sufficient regulation and formalization. The authors substantiate the necessity of developing a method for assessing information security risks for credit and financial organizations, taking into account the features of risk assessment inherent to the mentioned organizations. The paper considers the need to create lists of existing threats to the credit and financial sector and their linking to existing vulnerabilities to optimize the process of assessing information security risks. The development of a methodology for assessing information security risks will increase the degree of compliance of credit and financial institutions with the requirements of international, state and industry standards through an optimal set of protection measures and models for evaluating information security risks.