Journal of Engineering and Applied Sciences
Year:
2017
Volume:
12
Issue:
6 SI
Page No.
7776 - 7778
Definition of the Method of Determination of the Violator of Information
Security in Process of Modeling the Threats of Information Security in the
Information Systems of Processing Personal Data
Authors :
Roman Zhuk
and
Alexandra Vlasenko
References
CWE., 2006. Overview: What is CWE?. Common Weakness Enumeration, USA. https://cwe.mitre.org/about/index.html
DGRF., 2012. On the approval of the requirements for the protection of personal data when processing them in information systems of personal data. Decrees of the Government of the Russian Federation, Moscow, Russia.
FSTEC., 2008. The basic model of threats to the security of personal data under their: Processing in the information systems of personal data. Federal Service for Technical and Export Control, Russia.
FSTEC., 2015. Methodology definitions of threats security information in information systems. Federal Service for Technical and Export Control, Russia. http://fstec.ru/component/attachments/download/812.
FSTEC., 2017. State research institute of problems of technical protection of information. Federal Service for Technical and Export Control, Russia. http://bdu.fstec.ru/
Federal Law, 2006. On personal data. Federal Law, Russia. https://iapp.org/media/pdf/knowledge_center/Russian_Federal_Law_on_Personal_Data.pdf
First, IST., 1995. Common vulnerability scoring system SIG. FIRST-Improving Security Together, Tempe, Arizona, USA. https://www.first.org/cvss/
ISO. and IEC., 2010. Information technology methods and means of ensuring security: Risk management information security. International Organization for Standardization, International Electrotechnical Commission, Geneva, Switzerland.