БАГАТОРІВНЕВА БЕЗПЕКА ІНФОРМАЦІЙНИХ СИСТЕМ. MULTI-LEVEL SECURITY OF INFORMATION SYSTEMS

Abstract
Multi-level Information Security (infosec) model of Information Systems (IS) is made of three levels: external, internal and mandatory security policy. External and internal security levels are based on conception “object – threat – protection”. Among the IS external security threats: the absence of zones of authorized access, unauthorized access (UAA) in the equipment repair mode, hardware and power supply failures. To protect information on IS external level are used: access control systems, radio frequency identification systems, closed circuit television, biometric systems that provides: access control and restriction, monitoring of buildings and rooms by using workstations, usage of passwords and employees’ access sharing , biometric protection against UAA. The threats of internal IS was considered: objective, subjective, casual, purposeful. Among the casual threats to IS security: failures and malfunctions of hardware, power supply failures, sensor glitches etc. Purposeful threats are based on offender’s behavior model and lead to leakage of confidential data, its unauthorized modification and its purposeful destruction. Technologies of providing infosec on hardware and software IS levels were presented. The infosec hardware levels provides: detection of tap devices, suppression of side electromagnetic radiation and interference etc. The infosec software level provides: subject identification/authentication, encryption of information resources, detecting software taps etc. Mandatory security policy provides a high level of information protection security due to the algorithm of countering information leakage from high- access objects to low-access objects. Multi-level IS security model is universal-designed and can be modified for informatization tasks and intellectualization of public infra- structure objects in the area of providing security infosec.
Description
Keywords
інформаційна система, інформаційна безпека, багаторівнева модель, концепція "об'єкт - загроза - захист", технології, information system, information security, multi-level model, conception “object – threat – protection”, technologies
Citation