Information security management system of a corporate network
Дипломная работа - Компьютеры, программирование
Другие дипломы по предмету Компьютеры, программирование
mode. This action is usually needed in the two following situations. First, when some of the filtered records have been changed and do not fit the selection criterion anymore. Second, when the selection criterion has been changed and it is needed to filter the records in the same mode again.button Conditions of records selection (Умови відбору записів) is used to enable the filter and to switch to Selection conditions form. It is also possible to switch to the form and back by the standard means of MS Access.button Disable filter (Вимкнути фільтр) cancels the filtering selection, hides the filter controls and closes the form Selection conditions, unless that form is used by another filter or report formation.
3.5.5 Pivot table Risks estimation
The form Risks estimation (Оцінка ризиків) is opened from the main menu of the ISMS Matrix. The fig. 3.5 presents the overview of the pivot table. The form visualises the distribution of risks among the assets of the target organisation.
. 3.5. The pivot table Risks estimation of the ISMS Matrix
pivot table presents the distribution of risks as the correlation between threats and assets of the target organisation. The total risk estimations are provided for each threat, each asset and the whole organisation.values of the risk estimations can be conventional or be measured in terms of financial losses. The detailed description of the risk estimation mechanism is presented below in subsection 3.6.3 Risk assessment.can be applied to the pivot chart by assets and threats. The display of certain elements of assets or threats is controlled by the standard means of MS Access for pivot charts. To enter the list of displayed elements, it is necessary to click the triangle next to the name of the element header. On the fig. 3.5 such filter-enabling triangles can be seen near the row heading Asset (Актив) and the column heading Threat (Загроза). The filters of the pivot table can be applied simultaneously.
3.5.6 Form Statistics of tasks and knowledge
The form Statistics of tasks and knowledge (Статистика задач та знань) is opened from the main menu of the ISMS Matrix. The fig. 3.6 presents the overview of the form. The form calls the pivot charts that display the general overviews of the IS state at the target enterprise from the different perspectives.
. 3.6. The form Statistics of tasks and knowledge of the ISMS Matrix
information from the pivot tables can be used to facilitate the ISS audit process. The statistics are provided for both tasks and documents sections of the ISMS.list of pivot tables opened from the form is the following.
1.Group Statistics of tasks (Статистика задач):
.1.Tasks by the Matrix (Задачі по Матриці);
1.2.Tasks by employees (statuses) (Задачі по співробітникам (статусам));
1.3.Tasks by objects (Задачі по об'єктам);
1.4.Tasks by supervisors (Задачі по керівникам);
1.5.Expired tasks (Прострочені задачі);
2.Group Statistics of knowledge (Статистика знань):
2.1.Assets by responsible (Активи за відповідальними);
2.2.Assets by documents and responsible (Активи за документами та відповідальними);
2.3.Distribution of requirements by responsible (Розподіл вимог за відповідальними).detailed descriptions of the listed pivot tables are presented below in the subsection 3.5.10 Pivot tables of statistics.
3.5.7 Form Selection conditions
The form Selection conditions (Умови відбору) can be opened either from the main menu of the ISMS Matrix, tasks and knowledge input forms, or Formation of documents or reports (Формування документів / звітів) form. The fig. 3.7 presents the overview of the form. The fields on the form duplicate the group of the classifying fields in the input forms.combo list boxes of the classifying elements are intended to store the selection conditions for the tasks and knowledge input forms or formation of documents and reports. For example, if the field Document (Документ) is set to НБУ СУІБ-1 27001 (the short name of [3]), then when the input form filters will be switched into the Document mode, all the records having НБУ СУІБ-1 27001 in the Document field will be selected. This also applies to reports involving selection by document.
. 3.7. The form Selection conditions of the ISMS Matrix
form contains the group of fields For tasks only (Тільки для задач), including updating range limiters and Show archived (Відображати архівні) checkbox. The group is situated in the lower-right part of the form.date fields From (З) and Till (По) specify the range of task updating date. Both fields must be specified to use the task reports involving a time period. If the starting range is unknown, the users can enter any early date (like 01.01.1900).button Close the form (Зачинити форму) closes the form in no forms depend on it. For example, if a filter is on in the tasks input form, the Selection conditions form would not close upon the button press.button Tasks input (Введення задач) opens the form Detailed tasks information (Детальна інформація щодо задач) and enables its filter automatically.button Documents input (Введення документів) opens the form Knowledge - documents input (Знання - Введення документів) and enables its filter automatically.button Formation of documents or reports (Формування документів / звітів) opens the form with the same name to select a report or document compilation based on selected criteria.
3.5.8 Form Formation of documents or reports
The form Formation of documents or reports (Формування документів / звітів) is opened either from the main menu of the ISMS Matrix or from the form Selection conditions (Умови відбору). The fig. 3.8 presents the overview of the form. There are three groups of elements on the form situated vertically. The topmost group has the elements serving for common purposes. The next group forms the task reports. The group at the lower side of the form sets the document compilations.
. 3.8. The form Formation of documents or reports of the ISMS Matrix
The button Conditions of records selection (Умови відбору записів) opens the corresponding form.checkbox Create *.rtf file (Створити файл *.rtf) triggers the export of selected report to an external file.list Form the report on operational tasks (Сформувати звіт з оперативних задач) is intended to select the report to be produced. The report is made immediately after the selection of the corresponding item in the list. The following reports are available for the operational tasks section of the ISMS Matrix.
1.All tasks (Всі задачі);
2.Archived tasks over a period (Архівні задачі за період);
3.Expired tasks for today (Прострочені задачі на сьогодні);
4.Tasks by direction (Задачі по напрямку);
5.Tasks by direction and responsible (Задачі по напрямку та відповідальному);
6.Tasks by direction and object (Задачі по напрямку та об'єкту);
7.Tasks by direction over a period (Задачі по напрямку за період);
8.Tasks over a period by responsible (Задачі за період по відповідальному);
9.Tasks over a period by supervisor (Задачі за період по керівнику);
10.Tasks over a period by object (Задачі за період по об'єкту);
11.Tasks over a period by object and responsible (Задачі за період по об'єкту та відповідальному);
12.All problems (Всі проблеми);
13.Problems by responsible (Проблеми по відповідальному);
14.Problems by object (Проблеми по об'єкту);
15.Problems over a period (Проблеми, що виникли за період);
16.Tasks by stage (Задачі по етапу);
17.Tasks by stage and direction (Задачі по етапу та напрямку).
The reports involving selection for the time period assume the range of updating dates and do not take into account the records with empty Updated fields.group Compile the document (Скомпонувати документ) contains the set of knowledge selection criteria checkboxes and two document compilation buttons. The knowledge can be selected from the database by any combination of the criteria. If none of the criteria is selected, the full list of documents and knowledge will be compiled.button Compile (Скомпонувати) launches the compilation of the document according to the ticked checkboxes of selection criteria. If none of the criteria are selected, the full list of documents and knowledge will be compiled.
The button Form the information security policy (Сформувати політику інформаційної безпеки) launches the formation of the high-level IS policy based on all the stored knowledge. The description of the formed policy is presented in the subsection 3.6.4 Information security policy formation below. The