Russian Federation
This work addresses the problem of harmonizing the regulatory legal framework on Information Security and Protection for EMERCOM of Russia, which required the creation of an appropriate methodology. The main contradictions of the subject area are shown in categorical analysis notation, namely those between: obsolescence and updating of the regulatory legal framework on Information Security and Protection; the quantity and quality of normative legal documents; and global/national and departmental/state interests in the infosphere. It is hypothesized that none of the identified contradictions is antagonistic and that their mitigation can therefore be a subject of harmonization. Harmonization principles have been synthesized that can act as (principled) requirements for the methodology and the special information technology used to solve applied harmonization tasks for the regulatory legal framework on Information Security and Protection. First, the principle of scientific validity, in the sense of systematicity, logicality, necessity and sufficiency, formalisability, unambiguity and reliability. Second, the principle of realisability, in the sense of determinacy, effectiveness and massiveness, as well as the availability of tools. Third, the principle of extensibility, in the sense of the pool of applied problems and the methods for solving them. Fourth, the principle of pragmatism, in the sense of providing a basis for developing evidence-based proposals and recommendations for harmonization. It has been found that there is no (or no known) methodology suitable for solving a task as large and difficult to formalize as harmonizing the regulatory legal framework on Information Security and Protection. The notion of harmonizing the regulatory legal framework is defined in a broad and a narrow sense. For the latter, the objectives are defined: primary – comparability; secondary – establishment of equivalence in form/content and identity.
A formalized record of this harmonization idea and its secondary objectives is given; the primary objective is understood through the ontology of the subject area and is achieved through a unified essence alphabet for the markup of normative legal documents. A methodological scheme for harmonizing the regulatory legal framework on Information Security and Protection is proposed in the form of a sequence of stages logically linked by their initial data and results. An example demonstrating the workability of the proposed methodology is given, and a replenishable pool of applied harmonization tasks for the regulatory legal framework on Information Security and Protection of EMERCOM of Russia is defined. Conclusions are drawn regarding the novelty and practical significance of the results obtained, as well as directions for further research.
information security and protection, regulatory legal framework, harmonization principles, harmonization methodology, applied tasks, special solution technology