The modeling of information security system design processes in state information systems

The relevance and necessity of implementing measures to protect information in state information systems today is obvious both from the point of view of existing legislation, and from the point of view of the objective presence of a large number of threats of a very different nature. Protective measures should take into account such factors as the growth of the volume of processed information, the use of various data processing technologies, the multi-user nature of access to information resources, and the complexity of the modes of operation of technical means [Schneier, 2003]. Thus, ensuring information security is a complex of interrelated business processes of an organizational, legal and technical nature. The complexity of the processes of implementing security systems makes it necessary to perform the planning stage of this process, which is closely related to the need to develop a domain model. This determines the relevance of writing this work. The purpose of this article is to develop a set of models that describe the features of organizational, legal and technical processes that arise at the design stages of information security systems in state information systems. The methodological basis for writing the work is the normative legal acts of the FSTEC of Russia. A comparative analysis of possible methods of modeling the described subject area allowed us to determine the tools used. To describe the ongoing processes in the design of the information security system, the SADT functional graphical modeling methodology was used. Mathematical modeling methods were used to model the process of rational choice of information security tools. The result of the research presented in this paper is a set of models that describes the processes characteristic of the design stage of the information security system in state information systems.