Development of a methodology for building an information security system in the corporate research and education system in the context of university autonomy

Abstract

The development of computational tools and technologies of corporate networks has expanded the range of educational and information services in corporate scientific and educational networks (CSEN). CSEN belong to critical cybernetic information systems (CCIS) built on the basis of open network models. This approach did not consider the need to build a security system, which does not allow it to provide the required level of protection against modern hybrid threats in the early 80s of the 20th century. The transition to autonomy in decision-making, education and university management all over the world places demands on ensuring the required quality of service (QoS) of CSEN clients. CSEN users include university administration, faculty, students and support personnel of educational services in higher education institutions. One of the main criteria for QoS is information security. However, there is no general approach to building integrated information security in CSEN, which provided the required level of security. The methodology is based on the concept of synthesizing a synergistic model of threats to CCISs, improved infrastructure models for an intruder, an intruder, assessing the current state of information security (IS) and an improved method of investing in the IS CSEN. It is shown that the basis of the synergistic model is a three-level model of strategic security management, which provides a synergistic effect in the context of simultaneous threats to information security, cybersecurity and information security. In contrast to the known, such an approach provides for the determination of qualitatively new and previously unknown emergent properties of an information security system, taking into account the means used to create it. The application of the methodology in practice through the development and implementation of new solutions to provide security services allows for the required level of information security in the CSEN. The proposed information security service mechanisms are built on hybrid cryptosystems based on crypto-code structures with unprofitable codes.