Вестник Дагестанского государственного технического университета: Технические науки (Oct 2024)

Categorization of objects of critical information infrastructure of higher education institutions

  • E. V. Burkova,
  • A. A. Rychkova,
  • L. A. Gritsenko

DOI
https://doi.org/10.21822/2073-6185-2024-51-3-42-53
Journal volume & issue
Vol. 51, no. 3
pp. 42 – 53

Abstract

Read online

Objective. Currently, the task of ensuring the security of Russia's national information resources is being updated as an important area of state policy in the information sphere. The purpose of the article is to describe a methodology for determining the criticality of processes in the research activities of a higher educational institution in order to solve the issue of assigning it the category of critical information infrastructure and, in accordance with this category, ensuring the requirements for the information security system. Method. The method of expert assessments and BPMN business process modeling are used. Result. An overview of approaches to categorizing objects of critical information infrastructure of scientific activity of higher education institutions is presented. The analysis and comparison of regulatory documents of regulators, their adaptation for the field of science, the main stages of categorization, local regulatory documents allowing categorization in accordance with the requirements of the regulatory framework are determined. To carry out the categorization process of the university, a scheme of categorization stages has been developed, the rules of analysis of the organization's objects for the purpose of identifying criticality with subsequent assignment of a category of significance or rejection of a category have been considered. Conclusion. The scientific activity of a higher education institution is subject to analysis to identify critical processes, inventory of objects with identification of possible consequences as a result of the implementation of security threats, identification of subjects and objects of critical information infrastructure, assessment of the category of significance. To increase the reliability of the results obtained, the rules of procedure of the special commission on categorization, drafts of local documents on the inventory of objects and the formalization of processes have been developed.

Keywords