Analyzing organizational and legal aspects of the information security tools operation in the organization

The paper analyzes the main regulatory requirements imposed on the information security tools in creating information security systems for the state information systems, personal data information systems, and information systems of significant objects of the critical information infrastructure. It states requirements for security tools in various categories of the protected information. The paper identifies areas of responsibility for the regulatory bodies in terms of forming requirements for the information security tools used in the organizations to create the secure information systems. It shows the differences in requirements for the information security tools depending on the categories of processed information to be protected. The paper defines restrictions to using the foreign-made information security tools when creating a secure information system for the organization and conditions for conducting certification tests of the created information security systems.

References

[1] Trofimov V.V., Ilyina O.P., Kiyaev V.I. and others. Information technology. Moscow, Yurait Publishing House, 2025, 546 p. (In Russ.).

[2] Shvetsov A.N. “Information Society”: theory and practice of formation in the world and in Russia. Moscow, URSS Publ., 2021, 304 p. (In Russ.).

[3] Suvorova G.M. Information security. Moscow, Yurait Publishing House, 2025, 277 p.

[4] Rodichev Yu.A. Information security. National standards of the Russian Federation. St. Petersburg, Piter Publ., 2023, 384 p. (In Russ.).

[5] Vostretsova E.V. Fundamentals of information security. Yekaterinburg, Ural Publishing House University, 2019, 204 p. (In Russ.).

[6] Sokolovsky V.E., Glinskaya E.V. Secure software development as a component of the information security system. Politekhnicheskiy molodezhnyy zhurnal, 2024, no. 3. (In Russ.). URL: https://ptsj.bmstu.ru/catalog/icec/insec/979.html (accessed 09.09.2024).