Научная электронная библиотека ULRICH'S Periodicals Directory

Сибирский государственный университет
науки и технологий имени академика М.Ф. Решетнева

Сибирский аэрокосмический журнал
ISSN 2712-8970 (Print) ISSN 2782-5760 (on-line)

Сведения об образовательной организации

UDK 004.056
ACCESS MATRIX AS A PASSIVE ELEMENT IN THE PROTECTION OF INFORMATION RESOURCES
I. Z. Krasnov
Siberian Federal University 79, Svobodnyi Av., Krasnoyarsk, 660041, Russian Federation E-mail: bk_24@bk.ru
In modern business environment the role of effective governance on the basis of reliable information increases many times is very important. Error management based on insufficient or incorrectly interpreted data, can lead to the collapse of even a large company. Modern, complex and dynamic market environment requires from Russian companies continuous improvement of their management systems and information systems support. One of the main directions of creation of effective system of enterprise management is the application of the process approach to organization and management. Information becomes the most powerful tool in the hands of the manager. Effective management is impossible without information gathering and processing by various methods. The methods of obtaining information are diverse and are not considered in this work. The methods of the targeted distribution of information on the recipients were much more interesting, which is reflected in this work. In this work the author considers a problem of management of access to information resources of the enterprises. The purposes of a control system of access are formulated. Interrelation of the purposes of information security and available threats of safety is defined. It is suggested to use an access matrix as a passive element of protection of information resources. The tasks which need to be solved in any control system of access are formulates. A task of an exception of redundancy when carrying out measures of protection of information resources is set. A technique of formation of a matrix of access is offered. The procedure of categorization of information, identification of groups of risk, formation of profiles of access, fixing of access rights in regulating documents of the organization is described.
matrix of access, information resources, information protection, process approach.
References

  1. Andrianov V. V., Marshmallows S. L., Golova-
    nov V. B., Golduev N.A., Kurylo A. P. Obespechenie informatsionnoy bezopasnosti biznesa [Providing business information security]. Moscow, Alpina Publisher, 2011, 392 p.

  2. GOST R ISO/MEK 9001:2008. Sistemy me-nedzhmenta kachestva. Trebovaniya. [State Standart 9001:2008 Quality management systems – Requirements (IDT)]. Moscow, Standartinform Publ., 2009.

  3. Aleksandrov S. L. Protsessy organizatsiy pri vypolnenii trebovaniy GOST R ISO 9001 [Organizations process in the executions requirements ISO 9001:2008]. Metody menedzhmenta kachestva. 2009, no. 1, p. 340
    (In Russ.).

  4. GOST R ISO/MEK 17799:2005. Prakticheskie pravila upravleniya informatsionnoy bezopasnost'yu. [ISO 17999:2005. Code of practice for information security management]. Moscow, Standartinform Publ., 2006.

  5. Becker Th. et al. Menedzhment protsessov Per.
    s nem. [Management processes. Per. with German]. Moscow, Eksmo Publ., 2007, p 384.

  6. Andersen B. Biznes-protsessy. Instrumenty sovershenstvo-vaniya Per. s angl. [The business processes. Tools improvement. Per. from English]. Moscow, RIA “Standarty i kachestvo” Publ., 2004, 272 p.

  7. Kondratyev V. V., Kuznetsov M. N. Pokazyvaem biznes-protsessy (na spirali). [Show business processes (spiral)]. Moscow, Eksmo Publ., 2008, 480 p.

  8. Novikov M. C. Modelirovanie biznes-protsessov upravleniya. [Modeling the business process management]. Available at: http://www.intalev.ru.

  9. Chertovskoy V. D., Brusakova I. A. Informatsi-onnye sistemy i tekhnologii v ekonomike. [Information systems and technologies in Economics]. Moscow,
    Finansy i statistika Publ., 2007, p. 364.

  10. Andersen B. The business-processesy. Instrumenty sovershenstvo-vaniya Per. s angl. [The business processes. Tools improvement. Per. from English]. Moscow, RIA “Standarty i kachestvo” Publ., 2003, 272.

  11. Evdokimenko E. Biznes-protsessy, protsessnoe upravlenie i effektivnost' [Business processes, process management and efficiency]. Available at: http://www. finansy.ru/publ/mend/009.htm.

  12. Baldin K. V. Risk-menedzhment [Risk management]. Moscow, Eksmo Publ., 2006, 368 p.

  13. Kovalev A. I. [Composite and dynamic processes management]. Standarty i kachestvo. 2010, no. 2, p. 72–73 (In Russ.).

  14. Astakhov A. M. Iskusstvo upravleniya infor-matsionnymi riskami. [The art of managing information risk]. Moscow, DMK Press Publ., 2010, 312 p.

  15. Repin V. Biznes-protsessy. Modelirovanie, vnedrenie, upravlenie. [Business Processes. Modeling, implementation, management]. Moscow, Mann, Ivanov and Ferber Publ., 2013, 512 p.


Krasnov Igor Zaryevich. – Docent of Institute of Space and Information Technologies, Siberian Federal University. E-mail: bk_24@bk.ru