Открытое образование (Москва) (Jul 2019)

Improving the efficiency of the formation of professional competencies Masters in “Information Security” based on the use o CASE-technologies

  • A. V. Gavrilov,
  • V. A. Sizov

DOI
https://doi.org/10.21686/1818-4243-2019-3-25-32
Journal volume & issue
Vol. 23, no. 3
pp. 25 – 32

Abstract

Read online

Purpose of the study. In modern conditions, building an effective information security system for an enterprise requires specialists with appropriate professional competencies and systems approach skills in analyzing a combination of factors that influence the state of information security of an enterprise. For the preparation of such kind of specialists, qualitative changes in the content of educational disciplines are required, based on the use of methods and means of system analysis in the process of building an information security system. The current approaches to assessing the risk of an enterprise are based on the formation of a register of its information resources necessary for the further processing of risks. Adequate assessment of the value of a resource is impossible without a correct understanding of the semantics of this resource and its role in the implemented business processes. Modern approaches to the formation of the register of enterprise information resources, according to the authors, do not offer an effective method of identifying resources and estimating their value.This paper considers an approach based on the use of structural and functional analysis methods and CASE-technologies in the formation of a register of information resources of the enterprise in the training of masters in the direction of “Information Security”. Materials and methods. For the formation of the register of enterprise information resources, it is proposed to build a structural-functional enterprise model using the IDEF0 notation. Business process modeling was performed in the Business Studio environment of «Modern Control Technologies». As an example for risk analysis, the activities of a typical IT-industry company engaged in the development and implementation of enterprise management information systems were considered. Results. The technique was successfully tested in the educational process. According to the authors of the article, the use of this technique in conducting laboratory classes for masters enrolled in the “Information Security” direction has made it possible to increase the efficiency of the formation of professional competencies in students and, consequently, in general, the quality of education. The results obtained can be used not only as a training method for specialists in the field of information security. The application of the methodology of forming the register of information resources of an enterprise considered in the article in practical activities to ensure the information security of an enterprise will increase the validity of decisions to protect the information of the enterprise. Conclusion. The paper proposes a method to justify the choice of the main directions for the protection of enterprise information based on the analysis of its business processes. A distinctive feature of the technique is the use of modern CASE-technologies for decision-making in the field of enterprise information security. The implementation of the methodology allows you to create a register of information resources of the enterprise, including an assessment of the likely damage for each resource. The registry shows the bottlenecks in the organization of protection, which should be given priority when planning measures to protect information. On the basis of the data obtained, it is possible to form a strategy and tactics for developing an enterprise information protection system that is reasonable from an economic point of view.

Keywords