STUDY OF THE POSSIBILITY OF IMPROVING
THE EFFICIENCY OF THE CERTIFICATION
PROCESS OF THE INFORMATION OBJECT
Alina E. Vanteeva
Information Security Engineer of the 2nd category,
Department of Information Security,
Information Technology Center of Volgograd Region
This email address is being protected from spambots. You need JavaScript enabled to view it.
Vitimskaya St, 15A, 400012 Volgograd, Russian Federation
Tatiana A. Omelchenko
Senior Lecturer, Department of Information Security,
Volgograd State University
This email address is being protected from spambots. You need JavaScript enabled to view it.
Prosp. Universitetsky, 100, 400062 Volgograd, Russian Federation
Arina V. Nikishova
Candidate of Sciences (Engineering), Associate Professor,
Department of Information Security,
Volgograd State University
This email address is being protected from spambots. You need JavaScript enabled to view it.
Prosp. Universitetsky, 100, 400062 Volgograd, Russian Federation
Abstract. Attestation of information objects (IO) is an important stage in the implementation
of information protection system at enterprise, organization or state body. In essence, attestation
is a set of measures carried out at the IO to check the reliability of the implemented information
protection system, as a result of which compliance with certain requirements of the state regulator
in the field of technical information protection (FSTEC of Russia) is confirmed. The attestation process
is necessary as a stage preceding the beginning of processing of the protected information, which
provides for comprehensive (certification) tests of the protected IO in order to assess them. Such
assessment is carried out in terms of compliance of the set of means and security measures used in
IO to the put forward level of protection and should be carried out under real operating conditions of
the system. The “Certificate of Conformity” obtained as a result of attestation gives the right to processes
of information processing with the established level of confidentiality for the period specified in the
certificate. This work examines various aspects of attestation of information object, the structure of attestation
tests, legal framework, and organizational issues. The basic stages of attestation tests, and a list of necessary
reporting documentation formed at various stages of tests are allocated. The concept of evaluation of attestation
tests’ efficiency is considered and the question of the approach’s realization to increase the efficiency of information
object’s attestation of information security requirements is raised.
Key words: attestation, information objects, OI, automation, efficiency.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Attachments:
1_Vanteeva etc.pdf URL: https://ti.jvolsu.com/index.php/en/component/attachments/download/799 | 232 Downloads | |