Science, technologies, innovations (STI) № 2(2) 2017, 53-64 p


Hladun A. Ia. – PhD in Engineering, Senior Researcher, International Research and Training Center for Information Technologies and Systems under NAS and MES of Ukraine, 40, Acad. Glushkova Ave., Kyiv, Ukraine, 03680; +38(044) 502-63-66; glanat@yahoo.com; ORCID: 0000-0002-4133-8169

Khala K. O. – Junior Researcher, IRTCITS under NAS and MES of Ukraine, 40, Acad. Glushkova Ave., Kyiv, Ukraine, 03680; +38(044) 502-63-66; cecerongreat@ukr.net; ORCID: 0000-0002-9477-970X

TAXONOMY OF INFORMATION SECURITY STANDARDS

Abstract. This paper presents a taxonomy (structural classification) of information security (hereafter IS) standards, offering a systematic analysis of the standards from the viewpoint of both standards makers and the designers and developers of secure systems. The taxonomy provides a systematic approach to decomposing general security management problems in order to solve specific problems.

Keywords: information security, standard, authorization, authentication, taxonomy.
