STUDY OF THE POSSIBILITY OF IMPROVING

THE EFFICIENCY OF THE CERTIFICATION

PROCESS OF THE INFORMATION OBJECT

Alina E. Vanteeva

Information Security Engineer of the 2nd category,

Department of Information Security,

Information Technology Center of Volgograd Region
This email address is being protected from spambots. You need JavaScript enabled to view it.
Vitimskaya St, 15A, 400012 Volgograd, Russian Federation

Tatiana A. Omelchenko

Senior Lecturer, Department of Information Security,
Volgograd State University
This email address is being protected from spambots. You need JavaScript enabled to view it.
Prosp. Universitetsky, 100, 400062 Volgograd, Russian Federation

Arina V. Nikishova

Candidate of Sciences (Engineering), Associate Professor,

Department of Information Security,

Volgograd State University
This email address is being protected from spambots. You need JavaScript enabled to view it.
Prosp. Universitetsky, 100, 400062 Volgograd, Russian Federation

Abstract. Attestation of information objects (IO) is an important stage in the implementation 
of information protection system at enterprise, organization or state body. In essence, attestation 
is a set of measures carried out at the IO to check the reliability of the implemented information 
protection system, as a result of which compliance with certain requirements of the state regulator 
in the field of technical information protection (FSTEC of Russia) is confirmed. The attestation process 
is necessary as a stage preceding the beginning of processing of the protected information, which 
provides for comprehensive (certification) tests of the protected IO in order to assess them. Such 
assessment is carried out in terms of compliance of the set of means and security measures used in 
IO to the put forward level of protection and should be carried out under real operating conditions of 
the system. The “Certificate of Conformity” obtained as a result of attestation gives the right to processes
of information processing with the established level of confidentiality for the period specified in the 
certificate. This work examines various aspects of attestation of information object, the structure of attestation 
tests, legal framework, and organizational issues. The basic stages of attestation tests, and a list of necessary 
reporting documentation formed at various stages of tests are allocated. The concept of evaluation of attestation 
tests’ efficiency is considered and the question of the approach’s realization to increase the efficiency of information 
object’s attestation of information security requirements is raised.

Key words: attestation, information objects, OI, automation, efficiency.

This work is licensed under a Creative Commons Attribution 4.0 International License.

Attachments:

1_Vanteeva etc.pdf URL: https://ti.jvolsu.com/index.php/en/component/attachments/download/799

156 Downloads