On the Problem of Complex Security System Management of Cyber-physical Systems

2018;
: pp. 10 - 21
Автори: 
Valeriy Dudykevych, GalynaMykytyn, Andrii Rebets

Department of Information Security, Lviv Polytechnic National University, S. Bandery Str., 12, Lviv, 79013, UKRAINE

E-mail:

  1. vdudykev@polynet.lviv.ua,
  2. cosmos-zirka@ukr.net,
  3. a.rebets@ukr.net

Models of information security (IS) management of cyber-physical systems (CPS) were analyzed according to ISO/IEC TR 13335 and ISO/IEC 27001, which are the basis for developing a management methodology of a complex security system (CSS) within the management model “plan – do – check – act”. The CSS management structure of CPS was proposed at the level of an information life cycle and the multilevel model “cyberspace – communication environment – physical space” based on the conception “object – threat – protection”, which extends an application of the IS management system.

  1. Proekt Stratehii kibernetychnoi bezpeky Ukrainy. Elektronnyi resurs. – Rezhym dostupu: http://www. niss. gov. ua/public/File/2013_nauk_an_rozrobku/kiberstrateg. pdf.
  2. Mykytyn G.V. Security of Cyber-Physical Systems from Concept to Complex Information Security System/ Dudykevych V., Mykytyn G., Kret T., Rebets A. // Advances in Cyber-Physical Systems. – Volume 1, Number 2 (2016). – S. 67–75.
  3. Informatsiini tekhnolohii. Nastanovy z keruvannia bezpekoiu informatsiinykh tekhnolohii (IT). Chastyna 1. Kontseptsii y modeli bezpeky IT (ISO/IEC TR 13335-1: 1996, IDT): DSTU ISO/IEC TR 13335-1-2003. – [Chynnyi vid 2004-10-01]. – K.: Derzhspozhyvstandart Ukrainy, 2004. – 23 s.
  4. Informatsiini tekhnolohii. Nastanovy z keruvannia bezpekoiu informatsiinykh tekhnolohii (IT). Chastyna 2. Keruvannia ta planuvannia bezpeky IT (ISO/IES TR 13335- 2: 1997, IDT): DSTU ISO/IEC TR 13335-2-2003. – [Chynnyi vid 2004-10-01]. – K.: Derzhspozhyvstandart Ukrainy, 2004. – 20 s.
  5. Informatsiini tekhnolohii. Nastanovy z keruvannia bezpekoiu informatsiinykh tekhnolohii (IT). Chastyna 3. Metody keruvannia zakhystom IT (ISO/IES TR 13335-3: 1998, IDT): DSTU ISO/IEC TR 13335-3-2003. – [Chynnyi vid 2004-10-01]. – K.: Derzhspozhyvstandart Ukrainy, 2004. – 48 s.
  6. Informatsiini tekhnolohii. Metody zakhystu. Systema upravlinnia informatsiinoiu bezpekoiu. Vymohy: HSTU SUIB 1.0 / ISO/IEC 27001: 2010. – [Chynnyi vid 2010-01-01]. – K.: Natsionalnyi bank Ukrainy, 2010. – 49 s.
  7. Informatsiini tekhnolohii. Metody zakhystu. Systema upravlinnia informatsiinoiu bezpekoiu. Zvid pravyl dlia upravlinnia informatsiinoiu bezpekoiu: HSTU SUIB 2.0 / ISO/IEC 27002: 2010. – [Chynnyi vid 2010-01-01]. – K.: Natsionalnyi bank Ukrainy, 2010. – 149 s.