Methodology of Creation and Structure of the Corporate Information Security Unit
https://doi.org/10.35596/2522-9613-2022-28-3-65-72
Abstract
The problems of ensuring the security of information resources in the Republic of Belarus are considered. The necessity of application is determined and the types of information security units to ensure the protection of information resources are considered. The basic principles of creating a corporate-level information security unit are highlighted. The tasks and the main composition of the corporate information security unit are determined, and the methodology for calculating its structure is proposed. The load on analysts of the first and second levels from the team of the corporate information security unit was calculated. The ratio of the number of analysts of the first and second levels in the team is calculated and the sizes of the protected information resources is determined with the help of the corporate-level information security unit. The structure of the corporate information security unit is proposed and the modes of its operation are considered.
About the Authors
V. P. KochinBelarus
Cand. Of Sci.., Head of the Information Technology Center
A. V. Shantsou
Belarus
Cand. Of Sci., Postgraduate at the Department of Programming Technologies
References
1. Kochyn, V.P. Problems of designing complex information security system for cloud resources in the Republic of Belarus / V. P. Kochyn, A. V. Shantsou // Cifrovaja transformacija [Digital transformation]. – 2021. – Vol. 3 (16). – P. 34–39. (In Russ.)
2. Kochyn, V.P. Integrated system of information protection of cloud resources / V. P. Kochyn, A. V. Shantsou // Kompleksnaya zashchita informacii: Materialy XXVI nauchno-prakticheskoj konferencii Kompleksnaya zashchita informacii. [Comprehensive information protection: Materials of the XXVI scientific-practical conference Comprehensive information protection]. – Minsk, 2021. – P. 332–334. (In Russ.)
3. Zimmerman, C. Ten strategies of a world-class cybersecurity operations center / C.Zimmerman. – Bedford: MITRE, 2014.
4. Bejtlich, R. The Practice of Network Security Monitoring: Understanding Incident Detection and Response / R. Bejtlich. – San Francisco: No StarchPress, 2013.
5. Bejtlich, R. The TAO of Network Security Monitoring: Beyond Intrusion Detection / R. Bejtlich. – San Francisco, No StarchPress, 2013.
Review
For citations:
Kochin V.P., Shantsou A.V. Methodology of Creation and Structure of the Corporate Information Security Unit. Digital Transformation. 2022;28(3):65-72. (In Russ.) https://doi.org/10.35596/2522-9613-2022-28-3-65-72