ANALYSIS OF CYBER SECURITY MANAGEMENT CONCEPTS FOR DISTRIBUTED IT INFRASTRUCTURES

  • Y. L. Ponochovniy Associate Professor, PhD. tehn. Sciences State Agrarian Academy PSA
Keywords: afety and cybersecurity; management concepts; distributed IT-infrastructures.

Abstract

The paper summarizes the current issues of security management of organi-zationally complex systems. Massive introduction of cloud technologies, the In-ternet of things (IoT), intelligent data processing systems, block chain technolo-gies is not only a fashionable trend, but also dictates the conditions for the deve- lopment of the information and communication systems industry. 

Organization, definition and classification of safety and cybersecurity ma- nagement concepts in organizationally complex systems are disclosed in the work of researchers in various industries: aviation, economic, information (cybersecu-rity), administrative, environmental and the like. The article summarizes basic principles of conceptual approaches to safety and cybersecurity management in scientific works and regulatory documents for various spheres of human life.
The purpose of this article is to summarize basic principles for presenting conceptual approaches to managing the cybersecurity of IT-systems and infra-structures in scientific and regulatory documents. To solve the problem, it is ne- cessary to consider the concepts of security management in various spheres of human life, to determine the concept and components of cybersecurity for IT-systems and infrastructures, to consider the basic principles for various concep-tual approaches to security management.
Attention is paid both to the components of IT-systems security (functional-, informational-, cybersecurity), and the qualities of complex systems that include security (dependability, functional reliability). Among the main provisions of se-curity management concepts, an important place is given to security policy, both the general and the whole (often as security strategies), and the separation of po- licies into global and local.
A comparative list of principles for various concepts of managing IT-systems and infrastructures security is given. The security management concepts of distributed IT-systems are analyzed on the example of critical infrastructures, information and telecommunication systems, industrial automation systems, cy-berphysical systems and continuous business systems. It is determined that vari-ous concepts can use general principles, such as risk management, improvement/adaptation of the security management system.

 

References

1. Yeun R., Bates P. and Murray P. (2014), “Aviation safety management systems”, posted in World Review of Intermodal Transportation Research, vol. 5, No. 2, pp. 168–196.
2. Kozachenko G., Lyashenko O. and Bezbozhnyy V. (2010), Enterprise economic security management conception, ТЕКА Кom. Mot. i Energ. Roln. OL PAN, 2010. 10A, pp. 263−270.
3. Cherep O. G. and Stepanenko O. V. (2013), “Kontseptsiya upravlinnya ekonomichnoyu bezpekoyu mashynobudivnykh pidpryyemstv” [“The concept of economic safety management of machine-building enterprises”], Journal Stalyy rozvytok ekonomiky [Sustainable development of economy], vol. 4, pp. 110−114.
4. Shangin V. F. (2017), Informatsionnaya bezopasnost' komp'yuternykh sistem i setey [Information Security of Computer Systems and Networks], Mos-cow, Press Publishing House “FORUM”: INFRA-M, 416 p.
5. Raggad B. (2010), Information Security Management, Concepts and Practice, London: CRC Press, 868 p.
6. Kontseptsiya upravleniya bezopasnost'yu v administratsii goroda Permi. [Security Management Concept in Perm City Administration], available at: http://docs.cntd.ru/document/428682486 (accessed 15.10.2019).
7. KMU (2007), Kontseptsiya natsional’noyi ekolohichnoyi polityky Ukrayiny na period do 2020 roku [The concept of national environmental policy of Ukraine for the period up to 2020Concept of national environmental policy of Ukraine for the period up to 2020], the Decree of the Cabinet of Ministers of Ukraine of October 8, No. 880-p, available at: https://zakon.rada.gov.ua/ laws/show/880-2007-%D1%80 (accessed 10.15.2019).
8. Kontseptsiya [Concept], Entsyklopediya Suchasnoyi Ukrayiny [Encyclo-pedia of Such Ukraine], available at: http://esu.com.ua/search_articles. php?id=3256 (accessed 15.10.2019).
9. Sudakova O. I., Medvedovskaya T. P., Garbuz E. V. and O. V. Lut- chenko et al (2017), “Upravlinnya bezpekoyu vzayemodiyi pidpryyemstva z kon-trahentamy, diyuchymy v zahal’nomu zhyttyevomu prostori” [“Management of security of interaction of the enterprise with the counterparties operating in the common living space”], Journal Hlobal’ni ta natsional’ni problemy ekonomiky [Global and national problems of economy], vol. 19, pp. 256–261.
10. Dudykevych V. B., Mykytin G. V. and Rebetets’ A. I. (2018), “Do problemy upravlinnya kompleksnoyu systemoyu bezpeky kiberfizychnykh system” [“On the problem of control of complex security system of cyberphysical sys-tems’], Bulletin of the National university “Lviv Polytechnic”. Information sys-tems and networks, vol. 901, pp. 10−21.
11. Brezhnev Ye. V. and Kharchenko V. S. (2015), “Metodologiya obespecheniya bezopasnosti kriticheskikh infrastruktur v usloviyakh neopredelen-nosti: kontseptsiya i printsipy” [“Methodology for Critical Infrastructure Safety in Uncertainty: Concept and Principles”], Journal Radíoyelektronní í komp’yuterní sistemi [Radioelectronic and Computer Systems], vol. 1, pp. 25–32.
12. Dudykevych V., Mykytyn G., Kret T. and Rebets A. (2016), “Security of Cyber-Physical Systems from Concept to Complex Information Security Sys-tem”, Advances in cyber-physical systems, vol. 1, No. 2, pp. 67–75.
13. Gordeyev A. A. and Kharchenko V. S. (2014), “Elementy metodologii profileoriyentirovannogo otsenivaniya kachestva programmnogo obespecheniya informatsionnykh sistem” [“Elements of methodology of profile oriented evalua-tion of software quality of information systems”], a collection of scientific works Problemy informatyzatsiyi ta upravlinnya [Problems of informatization and man-agement], t. 3, vol. 47, pp. 24−30.
14. Kharchenko V.S., Yakovlev S.V., Gorbachik O.S. and oth. (2019), Zab-ezpechennya funktsional’noyi bezpeky krytychnykh informatsiyno-keruyuchykh system [Functional safety of critical information and control systems], mono-graph. Kharkiv: Constant, 272 p.
15. ISO/IEC 13335−1: 2004, Information technоlоgy − Security techniques − Management of information and communications technology security − Part 1: Concepts and models for information and communications technology security management, available at: https://www.iso.org/standard/39066.html (accessed 51.10.2019).
16. IEC TS 62443−1−1:2009, Industrial communication networks − Net-work and system security − Part 1−1: Terminology, concepts and models, availa-ble at: https://webstore.iec.ch/publication/7029 (accessed 15.10.2019).
17. ISO/IEC 27000:2018, Information technology Security techniques − Information security management systems − Overview and vocabulary, available at: https://www.iso.org/standard/73906.html (accessed 15.10.2019).
18. KMU (2012), Kontseptsiya zabezpechennya natsional’noyi bezpeky u finansoviy sferi [The concept of ensuring national security in the financial sphere], Ordinance of the Cabinet of Ministers of Ukraine of August 15, No. 569-p. URL: https://zakon.rada.gov.ua/laws/show/569-2012-%D1%80 (accessed 10.15.2019).
19. President of Ukraine (2016), Stratehiya kiberbezpeky Ukrayiny [Ukraine's Cybersecurity Strategy], Presidential Decree No. 96/2016 of March 15, available at: https://zakon5.rada.gov.ua/laws/show/96/2016 (accessed 15.10.2019).
20. IEC 61508-1:2010, Functional safety of electrical/electronic/program- mable electronic safety-related systems, Part 1: General requirements, available at: https://webstore.iec.ch/publication/5515. (accessed 15.10.2019).
21. ARP 4761, Guidelines and methods for conducting the safety assess-ment process on civil airborne systems and equipment, available at: https://www.sae.org/standards/content/arp4761/ (accessed 15.10.2019).
22. ISO 26262-1:2018, Road vehicles − Functional safety − Part 1: Vocabu-lary, available at: https://www.iso.org/standard/68383.html (accessed 15.10.2019).
23. CENELEC − EN 50159, Railway applications − Communication, sig-nalling and processing systems − Safety-related communication in transmission sys-tems, available at: https://standards.globalspec.com/std/1285055/ EN%2050159 (accessed 15.10.2019).
24. IEC 61513:2011, Nuclear power plants − Instrumentation and control important to safety − General requirements for systems, available at: https://webstore.iec.ch/publication/5532 (accessed 15.10.2019).
25. Gluschke G. (2018), Cyber security policies and critical infrastructure protection. Potsdam: Institute for Security and Safety (ISS) Press, 388 p.
26. Limba T., Plėta T., Agafonov K. and Damkus M. (2017), “Cyber securi-ty management model for critical infrastructure.”, Journal Entrepreneurship and Sustainability Issues, vol. 4 (4), pp. 559−573.
27. Maglaras L., Kim K. and Janicke H. et al. (2018), “Cyber security of critical infrastructures”, Journal ICT Express, vol. 4 (1), pp. 42−45.
28. Dhawan S. (2014), “Information and Data Security Concepts, Integra-tions, Limitations and Future”, International Journal of Advanced Information Science and Technology (IJAIST), vol. 3 (9), pp. 9−13.
29. Avizienis A., Laprie J.-C. and Randell B. (2004), “Dependability and its threats: a taxonomy”, In Proc. Of the IFIP 18th World Computer Congress, Kluwer Academic Publishers, pp. 91−120.
30. Shubinskiy I. B. (2012), Funktsional'naya nadezhnost' informatsionnykh sistem. Metody analiza [Functional reliability of information systems. Methods of analysis], Moscow, Press Reliability Magazine, 296 p.
31. Malygin V. B. and Nechayev Ye. Ye. (2011), Obespecheniye bezopas-nosti polotov pri upravlenii vozdushnym dvizheniyem [Flight safety in air traffic control], Tutorial, Moscow, Press Moscow State Technical University of Civil Aviation, 86 p.
32. Kontseptsiya hlobal’noho upravlinnya bezpekoyu [Global security man-agement concept, available at: https://ssbb.com.ua/uk/sistemy-kontrolya-dostupa/sistema-kontrolyu-dostupu/koncepciya-globalnogo-upravleniya-bezopasnostu/ (accessed 15.10.2019)
33. Carder J. (2018), How to build a SOC with limited resources. Maiden-head: LogRhythm Labs, 16 p.
34. ISO/IEC 27031:2011, Information technology − Security techniques − Guidelines for information and communication technology readiness for business continuity, available at: https://www.iso.org/standard/44374.html (accessed 15.10.2019).
Published
2019-12-13
How to Cite
Ponochovniy, Y. L. (2019). ANALYSIS OF CYBER SECURITY MANAGEMENT CONCEPTS FOR DISTRIBUTED IT INFRASTRUCTURES. Systems and Technologies, 2(58), 87-101. https://doi.org/10.32836/2521-6643-2019-2-58-5