Ensuring Comprehensive Security of Information
Authorized licensed use limited to: Universiti Kuala Lumpur. Downloaded on April 02,2024 at 05:04:12 UTC from IEEE Xplore. Restrictions apply.

Abstract— The article deals with the issues of improving the quality of corporate information systems functioning and ensuring the information security of financial organizations that have a complex structure and serve a significant number of customers. The formation of the company's informational system and its integrated information security system is studied based on the process approach, methods of risk management and quality management. The risks and threats to the security of the informational system functioning and the quality of information support for customer service of a financial organization are analyzed. The methods and tools for improving the quality of information services and ensuring information security are considered on the example of an organization for social insurance. Recommendations are being developed to improve the quality of the informational system functioning in a large financial company.

Keywords— information security, organization informational system, quality management, risk analysis, process approach

I. ANALYSIS OF THE PROBLEM OF INFORMATION PROTECTION IN LARGE FINANCIAL INSTITUTIONS

The role of information and information technology in today's world is increasing more and more due to major factors such as:

• technology development,
• growth of consumer requirements for the quality and functionality of products and services,
• communications development,
• growing need for big data analysis,
• increasing demand for process management automation and intellectualization,
• growing need for globalization of systems in all areas of society,
• other.

The growth of the complexity and size of any man-made system is accompanied by an avalanche-like increase in the number of variations of the system states, which creates additional threats and risks for the system itself, the people and the environment [1,2,3]. The introduction of new technologies contributes to the emergence of new, difficult to predict types of threats and requires in-depth analysis, modeling and forecasting of risks in the information environment of the technosphere [4,5]. The development of comprehensive information security is designed to protect the external environment and the systems operating in it from harmful information influences.

Since information is a universal component of communication, threats directed from the external environment to information and threats directed from information into the external environment have a significant impact on such basic areas of society as the technical, economic, political and socio-cultural ones [6,7].

Material and reputational damage arising from inconsistencies and problems in the field of information protection is most significant for large organizations in the financial and economic sphere of activity that provide services to a large number of customers [8,9].

As a rule, modern financial organizations have a number of functioning features that create an increased risk of external information attacks and unauthorized interventions, namely [10]:

• high level and volume of remote information interaction with clients;
• confidential financial and proprietary information about customers, which is valuable for interested third parties;
• potential unauthorized third party influence on financial transactions;
• possibility of internal influence of unscrupulous employees on functioning of the information system in order to achieve personal benefits;
• other.

Let us take the example of the Russian Pension Fund (RPF), whose clients include more than 80 million pensioners and 20 million beneficiaries. The RPF structure includes more than 80 regional offices and 2,500 client services, and the organization has more than 100,000 employees.

The information system that supports the organization's business processes and interacts with clients with the support of the state services portal and other state social sphere platforms is represented by the automated management system RPF AMS.

II. QUALITY ASSURANCE AND DEVELOPMENT OF THE INFORMATION SECURITY SYSTEM FOR THE RPF

Let us consider inconsistencies in the quality of IT services in the RPF. The statistics of discrepancies by type are presented as a checklist in Table 1.

The analysis shows that special threats are aimed at cryptographic interconnection service hardware and software.

Fig. 2 shows the scheme for protecting the RPF information system against malware.
o Problem identification and registration,
o Problem classification,
o Problem investigation and diagnostics,
o Solution and closing.
• Monitoring and controlling errors:
• Traffic disruption,
• Information access disruption,
• Disruption of security threat identification

Quality assurance of remote work with clients in the RPF AMS is best ensured as part of the organization's quality management system (QMS). At the same time, improvement of the security of the organization's IT environment, over and above the documented external mandatory requirements at the level of federal laws and orders of relevant ministries, is best provided through the development and implementation of an information security management system (ISMS) [12].

Consider the development of an ISMS for the RPF based on the PDCA cycle:

• Plan:

Developing risk management and information security policies, objectives, and processes that are consistent with the organization's policies and objectives

Let us consider the process of working with risks as part of developing the ISMS for the RPF, Fig. 6.
Fig. 6. Scheme of working with risks in the ISMS.

Fig. 7. Structure of the IMS, including the ISMS and other management systems.

CONCLUSION

To ensure and improve the functioning of the integrated security of the financial organization's information system, the following is recommended:

• Analyzing the quality of remote customer service in the organization's information environment. It is recommended to apply tools and methods of quality management, including:
o Statistical quality tools (checklist, Pareto chart, Shewhart chart, stratigraphic analysis, and others);
o Matrix analysis methods (including Quality House, correlation matrix analysis, responsibility matrices, and others);
o Structural methods of logical analysis (Ishikawa diagram, "five why" based cause tree, "bow tie" cause and effect tree, and others);
o Method of corrective and preventive actions;
o Modeling and forecasting (econometric modeling, simulation modeling, dynamic modeling, and others);
o Methods and models of the process approach and system analysis.
• Handling incidents and problems based on IT Infrastructure Library methods and practices.
• Applying process and systems analysis methods and models.

It is recommended to create an "Information Resource Control Center" with the following structure, Figure 8, in order to improve the efficiency of information security:

The proposed methods of analysis and development of a comprehensive information security system, based on the creation of integrated systems of quality management, information security and risk management, are recommended for organizing and improving the information security of an organization with extensive functions of remote interaction with customers.

REFERENCES

[1] Ryabchik T.A., Smirnova E.E., Lukashova M.I., Haydar H. Manufacturing processes quality control as a main factor of performance enhancement in industrial management. Proceedings of the 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2019, 2019, pp. 1463–1466. Emelyanov A.I., Savchuk R.R. Automated Control System for Lighting Devices. Proceedings of the 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2021, 2021, pp. 870–873.
[2] Narusova E.Yu., Struchalin V.G., Stepanov A.N. Determination of the required personal qualities of a leader for ensuring safe work of the employees. Bezopasnost' Truda v Promyshlennosti, 2021, 2021(8), pp. 91–95.
[3] Ryabchik T.A., Sidrakov A.A., Grechishnikov V.A., Smirnova E.E., Shevlugin M.V. The emergence of electrical burning of insulated rail joints in the Moscow metro. Proceedings of the 2020 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2020, 2020, pp. 1667–1669.
[4] MacHeret P.D., Savchuk R.R. Automated design systems based on the use of three-dimensional object modeling techniques. Proceedings of the 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2021, 2021, pp. 1004–1008.
[5] Telyatnikova N.A., Spiridonov E.S., Boyarinov D. Innovation, informatization and digitalization of the infrastructure facilities design and construction of high-speed railway in Russia and Eurasian Union. Transport Means. Proceedings of the International Conference, 2018, 2018-October, pp. 1161–1166.
[6] Narusova E.Yu., Struchalin V.G., Strelnikova E.N., Paruleva I.V. Reducing the occupational burnout level on the basis characteristics of personal at working group organizing. Bezopasnost' Truda v Promyshlennosti, 2021, 2021(9), pp. 45–49.
[7] Voronkova O.Y., Logvina E.V., Glubokova N.Y., Akhmadeev R.G., Bykanova O.A. Economical and ecological risks of the creation of clusters in the agricultural sector: case study for education process. Talent Development and Excellence, 2020, Vol. 12, No. SpecialIssue3, pp. 677–686.
[8] Agarkov M.A., Guskova M.F., Korzhin S.N. An innovative method of procurement management in the electronics industry. Proceedings of the 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2021, 2021, pp. 1870–1873.
[9] Savchuk R.R. Development of automation systems for the unified duty dispatch service 'system-112' in order to increase efficiency activities in the field of protection of the population and territories. In: Proceedings of the 2020 IEEE International Conference "Quality Management, Transport and Information Security, Information Technologies", IT and QM and IS 2020, 2020, pp. 286–289.
[10] Guskova M.F., Nemtsov Y.V. Study of the effect of repeated requests for quality of customer service in digital radio communication networks of railway transport. Proceedings of the 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2021, 2021, pp. 2118–2123.
[11] Telyatnikova N.A., Paliy R.V., Spiridonov E.S., Cerniauskaite L. The logical structure of the software file archive formation as a part of industrial management. Proceedings of the 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2019, pp. 1435–1439, 8657021.
[12] Shmeleva A.G., Ladynin A.I., Smirnova E.E., Ryabchik T.A. Transport logistics management information system. Proceedings of the 2019 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2019, 2019, pp. 1471–1473.
[13] Guskova M.F., Pashina A.S. Choice modelling of a power supply system for level crossings. Proceedings of the 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2021, 2021, pp. 1890–1894.
[14] Leifer B.K., Savchuk R.R. Comparative analysis of automated control and information systems for the technical operation of railway crossings. Proceedings of the 2021 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering, ElConRus 2021, 2021, pp. 994–999.