The paper considers the specifics of protecting information resources in corporate networks and systems. It describes an approach to assessing protection means that makes it possible to reduce their deployment cost and that adapts easily to the specific needs of any organization, taking into account the specifics of its activities and business. This approach makes it possible to describe information resources more precisely through their characteristic vulnerabilities and the cost of the resources. It also helps to rank risks and information resources according to their criticality for the organization's activities.