Article

Article title INTELLIGENT DECISION MAKING SUPPORT FOR PERSONAL DATA INFORMATION SYSTEM AUDIT BASED ON CONSTRUCTING ONTOLOGIES
Authors V.V. Sagitova, V.I. Vasilyev
Section SECTION I. COMPUTER SECURITY
Month, Year 05, 2015
Index UDC 005.2
DOI
Abstract The problem of auditing personal data information systems, taking into account the specific nature of personal data as an object of protection, is considered. An overview is given of the basic requirements for personal data security established by laws and regulations of the Federal Service for Technical and Export Control and the Federal Security Service. An approach to automating the audit of personal data information systems is proposed, based on a review of possible approaches to information security audit that draw on these documents and on existing international and national information security standards. This approach is based on intelligent decision making support using ontological analysis and fuzzy logic inference. The ontological approach makes it possible to systematize a subject domain and to select the subset of concepts, and the relations between them, that are used for solving the problems of personal data information system audit. The ontology of decision support for personal data information system audit is constructed in the Protégé program module. The ontology includes a metaontology and a subject domain ontology containing information security concepts, personal data protection concepts, and personal data information system audit concepts. The built-in ontology knowledge base includes alternative solutions for personal data security, based on subject domain analysis and expert knowledge. An architecture is proposed for an intelligent decision making support system based on a fuzzy neural network, the application of which will increase the efficiency of decision making for personal data protection.

Keywords Decision making support system; ontology; audit; personal data information system; fuzzy logic; security level for personal data; risk assessment of personal data information system
