Book chapter: Specifics of Ensuring Information Security in the Small and Medium Business Sector of Russia
Almost all of the technologies that now form the cloud paradigm existed before, but until recently the market offered nothing that combined these emerging technologies into a single commercially attractive solution. Over the last decade, public cloud services have appeared that make these technologies accessible to developers on the one hand and understandable to the business community on the other. However, many of the features that make cloud computing attractive may conflict with traditional models of information security.
Because cloud computing brings new challenges in the field of information security, it is imperative for organizations to control the process of information risk management in the cloud. In this article we propose a method of risk assessment for different types of cloud deployment environments, based on the Common Vulnerability Scoring System, which makes it possible to determine a qualitative indicator of an information system's exposure to vulnerabilities while taking environmental factors into account.
In information risk management, determining whether cloud services are applicable to an organization is impossible without understanding the context in which the organization operates and the consequences of the types of threats it may face as a result of its activities. This paper proposes a risk assessment approach for selecting the cloud computing environment configuration that is most appropriate from the point of view of security requirements. Applying risk assessment to different types of cloud deployment reveals the ratio of countermeasures to possible attacks and makes it possible to correlate the amount of damage with the total cost of ownership of the organization's entire IT infrastructure.
The article considers the direction in which cloud computing protection is developing. It is suggested that the structure of a queuing system built on processing data centers (PDC) be viewed as a combination of six components: the PDC hardware element; the telecommunication element providing access to PDC resources; users and the software associated with them; the «middle» PDC layer, which provides computing virtualization and includes the control system; the application services provided by the PDC as a layer of application software for guest operating systems; and data storage systems, especially databases. The article discusses the means of data protection in each subsystem, the directions in which development is needed, and the possibility of providing different security levels. According to the author, the most complicated objective is certifying the access control system in modern database systems such as Oracle and DB2.
IT Platform Choice Taking Into Account Economic Characteristics
Today the demand is growing for information security experts capable of analyzing problems and making decisions in business situations that involve risk or uncertainty. These skills can be acquired through the systematic study of various information security incidents. In this paper we propose a framework of methods, tools and taxonomies for the analysis of case studies in the information security field. Our framework allows every situation to be studied in a formal rather than ad-hoc way and a wide range of threat modeling, risk analysis and project management techniques to be applied under lifelike conditions. We illustrate it with a case study based on a real conflict between a free email service provider and a commercial bank.
In this paper the authors propose a new approach to teaching practical information security in higher education based on case studies. They justify its place in the information security curriculum with an example from their experience of using the approach with BSc and MSc students of the Higher School of Economics in the courses «Technical and Organizational Aspects of Information Security» and «Information Security Technologies». This paper fills a gap in existing practices for teaching information security, which currently lack guidelines for designing case studies and integrating them into the curriculum.