Information security management system of a corporate network

Diploma thesis - Computers, programming

anisation or the considered document. Secondly, it is needed to explore the IS solutions market and find those that provide most of the demanded functions or best comply with the set requirements.

There exist a very large number of IS solutions. Each target organisation should select the solutions according to its needs, implementation potential and budget. The IS standards usually do not specify concrete solutions, in order to give some freedom (and thus ease) in implementation. It is best practice if the set of solutions (вирішення) contains the concrete names of the IS products used at the target enterprise, but general names like Application of controls (Застосування контролів) or Access limitation (Обмеження доступу) are also acceptable.

5.5. Implementations (впровадження)

This element initially designated the actions taken in order to implement the selected IS solutions (which in turn satisfy the set requirements). The implementation may occur at different IS levels (administrative, organisational, technical) and at all stages (design, construction, testing or upgrade of an ISS).

To define the set of implementation entries, it is needed to decide what methods and organisational arrangements will be used to implement the selected IS solutions at the target organisation.

The set of implementations depends on the structure and other peculiarities of the target organisation, and of its personnel in particular. It is recommended to state the decree and control of the target organisation's management concerning the IS implementation, because practical implementation experience shows that the personnel's unwillingness is one of the strongest obstructive factors on the way to establishing corporate information security. It is recommended to list the general names of the implementation procedures, like Personnel training (Навчання персоналу) or Equipment tuning (Налаштування обладнання).

5.6. Control (контроль)

As in the classic system approach to information security, this element represents the processes of ISS integrity control and IS management. These processes encompass a wide scope of functions ranging from strictly technical, like Control of copying (Контроль копіювання), to high-level managerial, like Control of IS responsibilities (Контроль відповідальностей за ІБ). The Ukrainian branch standard [4] defines controls as means of risk management that include policy, procedures, directives, practice or organisational structures, which can have administrative, technical, managerial or legal character. But in the proposed ISMS implementation, control has a broader aspect, aimed not at risk management but at the maintenance of IS and the implementation of certain regulations. Thus risk control becomes a part of a more complex IS mechanism.

To define the set of controls it is necessary to compose the list of procedures that ensure the integrity of the target organisation's ISS, or check and manage the implementation of the considered document. Security standards like [4] sometimes list the control entries explicitly, but the users can also fill the control set with all management and testing IS processes that take place at the target organisation. The list may include names of control groups with sub-controls, like Control of personnel (Контроль персоналу) and Control of employment (Контроль прийому на роботу) respectively.

All the sets of values in each of the classifying elements are formed by the end users for the target organisation or the considered document, so the obtained system complies both with the system approach to IS and with the business processes of the target organisation, having a structure matching the system approach and a filling matching the target organisation and the considered documents.

Consider the example where the end users have all the sets filled with the minimal necessary amounts of items, i.e. such that each task or document record can be classified at least in general. In this case the system will have the following elements of the system approach to IS:

1.Bases, consisting of the documents, employees, measures and means that exist in the target organisation;

2.Directions, corresponding to the target organisation's major business processes;

3.Seven classical stages of the system approach to IS that have their results listed (for example, the asset definition as the first stage results in the list of assets);

4.The custom list of stages that represents the target organisation's IS process.


3.4.3 Main data storages

The main storages of the database in the ISMS Matrix are the tables Tasks (Ту_ЗАДАЧИ) and Knowledge (Тд_ЗНАНИЯ). The table Tasks (Ту_ЗАДАЧИ) contains two groups of fields: the classifying fields and those that constitute the operational task itself. The classifying fields place each task in the systematised framework of the system approach to IS. The fields that constitute the task are listed below:

1.Date set (Коли поставлена) - the date of task setting;

2.Execution term (Строк виконання) - the final date of the task execution;

3.Status (Статус) - the general state of the task (current, urgent, cancelled, archived, etc.);

4.Date updated (Оновлена) - the date of the last changes made to the task;

5.Task description (Опис задачі) - the list of necessary actions;

6.Executors (Виконавці) - regular and involved executors of the task and their contact information (if more than one employee is involved in execution);

7.State (Стан) - the degree of execution of the task and the list of performed actions and involved measures;

8.Problems (Проблеми) - questions and obstacles that appeared during the execution of the task;

9.Remarks (Зауваження) - short remarks of the supervisor or management;

10.Supplementary (Додатково) - hyperlink to supplementary information;

11.Man-hours (Люд-год) - number of man-hours given to execute the task.

The second main data storage in the database structure of the ISMS Matrix is the table Knowledge (Тд_ЗНАНИЯ). Its rows are intended to store the sections of documents that can be referred entirely to a certain place of the system approach to IS, i.e. that have one value assigned from each classifying element. When the document is small and has a narrow coverage (like a decree or a standard order), it can be stored entirely in one record of the table. The table Knowledge (Тд_ЗНАНИЯ) contains two groups of fields: the classifying fields and those that constitute the document section itself. The classifying fields place each document section in the systematised framework of the system approach to IS. The fields constituting the document section are listed below:

1.Shortly (Коротко) - the short heading of the document section;

2.Completely (Повно) - the full heading of the document section;

3.Description (Опис) - description of the document section, including an annotation or notes concerning the section content;

4.Contents (Зміст) - the full content of the document section. The field can contain only a short note if the link to the document file is used (see next item);

5.Reference (Посилання) - hyperlink to supplementary information or to the file with the document itself (in this case the document content can be updated independently of the ISMS).
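As an added illustration (not part of the thesis or of the ISMS Matrix code), the two storages can be sketched as SQLite tables sharing one set of classifying fields; the cross-reference query shows what the shared classification buys, namely the document section that governs the same place of the system approach as an overdue task. All column names, classification values and sample rows are assumptions constructed here.

```python
# Added example (not from the thesis or the ISMS Matrix itself): a SQLite sketch of
# the Tasks (Ту_ЗАДАЧИ) and Knowledge (Тд_ЗНАНИЯ) storages sharing one set of
# classifying fields. Column names and all sample values are assumptions.
import sqlite3

CLASSIFYING = ("base", "direction", "stage", "solution", "implementation", "control")
SCHEMA = f"""
CREATE TABLE tasks (
    id INTEGER PRIMARY KEY, {', '.join(c + ' TEXT' for c in CLASSIFYING)},
    date_set TEXT, execution_term TEXT, status TEXT,
    description TEXT, executors TEXT, man_hours REAL);
CREATE TABLE knowledge (
    id INTEGER PRIMARY KEY, {', '.join(c + ' TEXT' for c in CLASSIFYING)},
    shortly TEXT, completely TEXT, contents TEXT, reference TEXT);
"""
# Constructed classification values; the real lists are filled by the end users.
CLASS_A = ("Employees", "Personnel", "Implementation", "Access limitation",
           "Personnel training", "Control of employment")
CLASS_B = ("Means", "IT infrastructure", "Assets", "Application of controls",
           "Equipment tuning", "Control of copying")
TASKS = [  # id, six classifying values, then the task fields (ISO dates)
    (1, *CLASS_A, "2024-01-10", "2024-02-01", "current",
     "Revoke accounts of dismissed staff", "IT admin", 4.0),
    (2, *CLASS_B, "2024-01-15", "2024-06-30", "current",
     "Enable USB write blocking on workstations", "IT admin", 8.0),
    (3, *CLASS_A, "2023-11-01", "2023-12-01", "archived",
     "Annual security briefing", "HR", 2.0),
]
KNOWLEDGE = [(1, *CLASS_A, "Sec. 7.3", "Termination of employment",
              "Access rights are revoked on the day of termination.", "file://policy.docx")]

def open_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO tasks VALUES (" + ",".join("?" * 13) + ")", TASKS)
    conn.executemany("INSERT INTO knowledge VALUES (" + ",".join("?" * 11) + ")", KNOWLEDGE)
    return conn

def overdue_with_guidance(conn, today):
    """Current tasks whose execution term is before `today`, joined through all
    classifying fields to the document section governing the same place of the
    system approach; the section is None where nothing is classified there."""
    join = " AND ".join(f"k.{c} = t.{c}" for c in CLASSIFYING)
    sql = (f"SELECT t.id, t.description, k.shortly FROM tasks t "
           f"LEFT JOIN knowledge k ON {join} "
           "WHERE t.status = 'current' AND t.execution_term < ? ORDER BY t.id")
    return conn.execute(sql, (today,)).fetchall()
```

A None in the third column is the signal the supervisor wants: an overdue task for which no governing document section has yet been classified at that place of the framework.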


3.4.4 Program modules

The implementation of the ISMS Matrix required the development of program modules in the Microsoft Visual Basic for Applications language (MS VBA). Such modules were used for forms and reports. One module was independent and contained the shared custom functions; it is presented in appendix E as an example.


3.5 Interfaces of the ISMS


3.5.1 Main menu

The interaction of the end users with the ISMS Matrix starts from the main menu (see fig. 3.1), which is opened automatically at start-up. The following functions are accessible from the main menu:

1.Management - operational tasks (Керування - оперативні задачі) - open the form Detailed tasks information (Детальна інформація щодо задач) to enter or edit the operational tasks;

2.Knowledge - documents (Знання - документи) - open the form Knowledge - documents input (Знання - Введення документів) to enter or edit the documents or their sections;


Fig. 3.1. The main menu of the ISMS Matrix


3.Risks estimation (Оцінка ризиків) - open the pivot table with the same name that presents the risks considered at the target enterprise;

4.Statistics of tasks and knowledge (Статистика задач та знань) - open the form Statistics (Статистика) to call pivot tables on various aspects of operational tasks and knowledge;

5.Conditions of records selection for reports or filters (Умови відбору записів для звітів/фільтрів) - open the form Selection conditions (Умови відбору) to select the filtering criteria used in input forms, compiled documents and task reports;

6.Formation of documents or reports (Формування документів / звітів) - open the form with the same name to produce the reports on operational tasks or compile the documents by various selections;

7.Edit the elements lists (Редагувати списки елементів) - open the form Elements lists (Спи