<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">dt</journal-id><journal-title-group><journal-title xml:lang="ru">Цифровая трансформация</journal-title><trans-title-group xml:lang="en"><trans-title>Digital Transformation</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2522-9613</issn><issn pub-type="epub">2524-2822</issn><publisher><publisher-name>Educational Establishment “Belarusian State University of Informatics and Radioelectronics”</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.35596/2522-9613-2022-28-3-65-72</article-id><article-id custom-type="elpub" pub-id-type="custom">dt-702</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ТЕХНИЧЕСКИЕ НАУКИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>TECHNICAL SCIENCES</subject></subj-group></article-categories><title-group><article-title>Методика создания и структура корпоративного подразделения информационной безопасности</article-title><trans-title-group xml:lang="en"><trans-title>Methodology of Creation and Structure of the Corporate Information Security Unit</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Кочин</surname><given-names>В. П.</given-names></name><name name-style="western" xml:lang="en"><surname>Kochin</surname><given-names>V. P.</given-names></name></name-alternatives><bio xml:lang="ru"><p>к. т. н., начальник центра информационных технологий</p></bio><bio xml:lang="en"><p>Cand. Of Sci.., Head of the Information Technology Center</p></bio><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Шанцов</surname><given-names>А. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Shantsou</surname><given-names>A. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>аспирант кафедры технологий программирования</p></bio><bio xml:lang="en"><p>Cand. Of Sci., Postgraduate at the Department of Programming Technologies</p></bio><email xlink:type="simple">downseason@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Белорусский государственный университет</institution></aff><aff xml:lang="en"><institution>Belarusian State University</institution></aff></aff-alternatives><pub-date pub-type="collection"><year>2022</year></pub-date><pub-date pub-type="epub"><day>21</day><month>11</month><year>2022</year></pub-date><volume>28</volume><issue>3</issue><fpage>65</fpage><lpage>72</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Кочин В.П., Шанцов А.В., 2022</copyright-statement><copyright-year>2022</copyright-year><copyright-holder xml:lang="ru">Кочин В.П., Шанцов А.В.</copyright-holder><copyright-holder xml:lang="en">Kochin V.P., Shantsou A.V.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://dt.bsuir.by/jour/article/view/702">https://dt.bsuir.by/jour/article/view/702</self-uri><abstract><p>Рассмотрена проблематика обеспечения безопасности информационных ресурсов в Республике Беларусь. Определена необходимость применения и рассмотрены типы подразделений информационной безопасности для обеспечения защиты информационных ресурсов. Выделены основные принципы создания подразделения информационный безопасности корпоративного уровня. Определены задачи и основной состав корпоративного подразделения информационной безопасности, а также предложена методика расчета его структуры. Выполнен расчет нагрузки на аналитиков первого и второго уровней из состава команды корпоративного подразделения информационной безопасности. Рассчитано соотношение количества аналитиков первого и второго уровней в составе команды и определены размеры защищаемых информационных ресурсов с помощью подразделения информационной безопасности корпоративного уровня. Предложена структура корпоративного подразделения информационной безопасности и рассмотрены режимы его работы</p></abstract><trans-abstract xml:lang="en"><p>The problems of ensuring the security of information resources in the Republic of Belarus are considered. The necessity of application is determined and the types of information security units to ensure the protection of information resources are considered. The basic principles of creating a corporate-level information security unit are highlighted. The tasks and the main composition of the corporate information security unit are determined, and the methodology for calculating its structure is proposed. The load on analysts of the first and second levels from the team of the corporate information security unit was calculated. The ratio of the number of analysts of the first and second levels in the team is calculated and the sizes of the protected information resources is determined with the help of the corporate-level information security unit. The structure of the corporate information security unit is proposed and the modes of its operation are considered.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>информационные технологии</kwd><kwd>информационная безопасность</kwd><kwd>подразделение информационной безопасности</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information technology</kwd><kwd>information security</kwd><kwd>information security unit</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Кочин, В. П. Проблемы проектирования комплексной системы защиты информации облачных ресурсов в Республике Беларусь / В. П. Кочин, А. В. Шанцов // Цифровая трансформация. – 2021. – № 3. – С. 34– 39.</mixed-citation><mixed-citation xml:lang="en">Kochyn, V.P. Problems of designing complex information security system for cloud resources in the Republic of Belarus / V. P. Kochyn, A. V. Shantsou // Cifrovaja transformacija [Digital transformation]. – 2021. – Vol. 3 (16). – P. 34–39. (In Russ.)</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Кочин, В. П. Комплексная система защиты информации облачных ресурсов. / В. П. Кочин, А. В. Шанцов // Комплексная защита информации: материалы XXVI научно-практической конференции, Минск, 25–27 мая 2021 г. – С. 332–334.</mixed-citation><mixed-citation xml:lang="en">Kochyn, V.P. Integrated system of information protection of cloud resources / V. P. Kochyn, A. V. Shantsou // Kompleksnaya zashchita informacii: Materialy XXVI nauchno-prakticheskoj konferencii Kompleksnaya zashchita informacii. [Comprehensive information protection: Materials of the XXVI scientific-practical conference Comprehensive information protection]. – Minsk, 2021. – P. 332–334. (In Russ.)</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Zimmerman, C. Ten strategies of a world-class cybersecurity operations center / C. Zimmerman. – Bedford: MITRE, 2014.</mixed-citation><mixed-citation xml:lang="en">Zimmerman, C. Ten strategies of a world-class cybersecurity operations center / C.Zimmerman. – Bedford: MITRE, 2014.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Bejtlich, R. The Practice of Network Security Monitoring: Understanding Incident Detection and Response / R. Bejtlich. – San Francisco: No StarchPress, 2013.</mixed-citation><mixed-citation xml:lang="en">Bejtlich, R. The Practice of Network Security Monitoring: Understanding Incident Detection and Response / R. Bejtlich. – San Francisco: No StarchPress, 2013.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Bejtlich, R. The TAO of Network Security Monitoring: Beyond Intrusion Detection / R. Bejtlich. – San Francisco, No StarchPress, 2013.</mixed-citation><mixed-citation xml:lang="en">Bejtlich, R. The TAO of Network Security Monitoring: Beyond Intrusion Detection / R. Bejtlich. – San Francisco, No StarchPress, 2013.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
