ANALYSIS OF MODERN APPROACHES AND METHODOLOGIES IN THE FIELD OF INFORMATION AND DATA PROTECTION
DOI:
https://doi.org/10.35546/kntu2078-4481.2024.1.32Keywords:
security classes, confidentiality, information and data protection, information security, threats, security measuresAbstract
In this work on the topic "Analysis of modern approaches and methods in the field of information and data protection" by D. V. Lubko. and Miroshnichenko M. Yu. the classification of data according to the degree of confidentiality and availability is considered as an important component of information security management. The purpose of the article is the analysis of modern approaches to classification in the field of information protection and the use of these techniques to prevent malicious influence. There are a number of security technologies that can help protect data from unauthorized access, disclosure, alteration or destruction; security audits should be conducted regularly (security audits will help you determine whether your security measures are effective). The authors of the article indicate that security classes can be used for a variety of purposes, including: developing a security policy (a security policy is a document that defines the rules and procedures that an organization must follow to protect its data, and security classes can be used to developing a security policy that provides adequate protection for all data used by the organization); measuring the effectiveness of security measures (i.e. organizations should regularly audit their security measures to ensure they are effective, and security classes themselves can be used to assess the effectiveness of security measures, as they help determine whether data is adequately protected given its level of sensitivity); security audit (a security audit is an independent study conducted to assess the security posture of an organization, and the security classes themselves can be used for a security audit because they help determine whether an organization meets data security requirements). The paper notes that threats to private information can come from a variety of sources, and it is important to have a broad set of security measures in place to protect data. This may include cryptographic encryption, two-factor authentication, regular security audits, social engineering training for staff, and regular updates to information and data protection systems.
References
Гуцу С.Ф. Правові основи інформаційної діяльності: навч. посіб. Харьків: Нац. аерокосм. ун-т «Харк. авіац. ін-т». 2009. 48 с.
Кормич Б.А. Організаційно-правові основи політики інформаційної безпеки України : автореф. дис. на здобуття наук. ступеня докт. юрид. наук: спец. 12.00.07 «Адміністративне право і процес; фінансове право; інформаційне право». Нац. ун-т внутр. справ. Харьків. 2004. 42 c.
Марущак А.І. Інформаційно-правові напрями дослідження проблем інформаційної безпеки. Державна безпека України. 2011. № 21. С. 92–95.
Сороківська О.А., Гевко В.Л. Інформаційна безпека підприємства : нові загрози та перспективи. Вісник Хмельницького національного університету. 2010. № 2. т. 2. С. 32–35.
Lubko D., Sharov S., Strokan O. Software development for the security of TCP-connections. Modern development paths of agricultural production: trends and innovations. Cham: Springer international publishing. 2019. С. 99–109.
Michaelsen J.R., Vacca J.W. Information security risk management: A guide to managing risks to information assets. Springer. 2018.
Grossman J. et al. XSS Attacks: Cross site scripting exploits and defense. MA: Syngress, Elsevier. 2007. 463 p.
NIST. National institute of standards and technology. Cybersecurity framework. URL: https://www.nist.gov/cyberframework (дата звернення: 15.02.2024).
ISO/IEC 27005:2011. Information security risk management.
Michael Whitman, Herbert Mattord. Information security: principles and practices. Publisher: Cengage learning. 2017. 656 p.
