<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">sibsutis</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник СибГУТИ</journal-title><trans-title-group xml:lang="en"><trans-title>The Herald of the Siberian State University of Telecommunications and Information Science</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1998-6920</issn><publisher><publisher-name>СибГУТИ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.55648/1998-6920-2021-15-1-50-59</article-id><article-id custom-type="elpub" pub-id-type="custom">sibsutis-43</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Статьи</subject></subj-group></article-categories><title-group><article-title>Обзор нормативно-правовых источников и практик управления инцидентами информационной безопасности</article-title><trans-title-group xml:lang="en"><trans-title>An overview of regulatory sources and practices of information security incidents management</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Логинова</surname><given-names>А. О.</given-names></name><name name-style="western" xml:lang="en"><surname>Loginova</surname><given-names>A. ..</given-names></name></name-alternatives><email xlink:type="simple">loginova@linguanet.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff xml:lang="ru" id="aff-1"><institution>МГЛУ</institution><country>Russian Federation</country></aff><pub-date pub-type="collection"><year>2021</year></pub-date><pub-date pub-type="epub"><day>18</day><month>03</month><year>2021</year></pub-date><volume>0</volume><issue>1</issue><fpage>50</fpage><lpage>59</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Логинова А.О., 2021</copyright-statement><copyright-year>2021</copyright-year><copyright-holder xml:lang="ru">Логинова А.О.</copyright-holder><copyright-holder xml:lang="en">Loginova A...</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.sibsutis.ru/jour/article/view/43">https://vestnik.sibsutis.ru/jour/article/view/43</self-uri><abstract><p>В стремлении обеспечить защищенность информационной среды любая организация должна принимать во внимание угрозы, связанные с информационными активами. Обозначить поле всех возможных угроз для каждого конкретного бизнеса не представляется возможным: появление новых неучтенных угроз может быть обусловлено сменой внутренних или внешних условий работы организации, развитием новых технологий, а также изменениями иного рода. Для организации работы с инцидентами рекомендуется использовать проверенные временем стандарты и лучшие мировые практики.</p></abstract><trans-abstract xml:lang="en"><p>Any organization should take into account the threats to information assets to ensure information environment security. It is impossible to identify an entire field of all possible threats for each specific business: appearance of new threats may be caused by changes in the internal or external working conditions of an organization as well as the development of new technologies and other changes. Using time-tested standards and best international practices is highly recommended for managing incidents.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>инциденты информационной безопасности</kwd><kwd>управление инцидентами</kwd><kwd>нормативно-правовые акты</kwd><kwd>практики управления инцидентами</kwd><kwd>международные стандарты</kwd><kwd>зарубежные стандарты</kwd><kwd>российские стандарты</kwd><kwd>отраслевые документы</kwd><kwd>руководящие документы</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information security incident</kwd><kwd>incident management</kwd><kwd>regulatory sources</kwd><kwd>incident management practices</kwd><kwd>international standards</kwd><kwd>foreign standards</kwd><kwd>Russian standards</kwd><kwd>industry documents</kwd><kwd>guidelines</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Корнеев И. Р. Система управления непрерывностью бизнеса: Почему она должна быть внедрена на каждом предприятии? М.: ЛЕНАНД, 2016. 352 с.</mixed-citation><mixed-citation xml:lang="en">Корнеев И. Р. Система управления непрерывностью бизнеса: Почему она должна быть внедрена на каждом предприятии? М.: ЛЕНАНД, 2016. 352 с.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Рыженкова А. Управление инцидентами информационной безопасности: о чем говорят стандарты // CONNECT. На пути к полнофункциональному SOC. 2014. № 7-8. С. 62-65.</mixed-citation><mixed-citation xml:lang="en">Рыженкова А. Управление инцидентами информационной безопасности: о чем говорят стандарты // CONNECT. На пути к полнофункциональному SOC. 2014. № 7-8. С. 62-65.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Sunil Ladekar. Best Practices for Information Security Breach Management. East Carolina University, College of Technology and Computer Science, Department of Technology Systems. 2014.</mixed-citation><mixed-citation xml:lang="en">Sunil Ladekar. Best Practices for Information Security Breach Management. East Carolina University, College of Technology and Computer Science, Department of Technology Systems. 2014.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27035:2016. Information technology - Security techniques - Information security incident management. ISO/IEC, 2016.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27035:2016. Information technology - Security techniques - Information security incident management. ISO/IEC, 2016.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">NIST SP 800-61. Computer Incident Handling Guide. Gaithersburg: NIST, 2012.</mixed-citation><mixed-citation xml:lang="en">NIST SP 800-61. Computer Incident Handling Guide. Gaithersburg: NIST, 2012.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">NIST SP 800-83. Guide to Malware Incident Prevention and Handling. Gaithersburg: NIST, 2013.</mixed-citation><mixed-citation xml:lang="en">NIST SP 800-83. Guide to Malware Incident Prevention and Handling. Gaithersburg: NIST, 2013.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">NIST SP 800-86. Integrating Forensic Techniques into Incident Response. Gaithersburg: NIST, 2006.</mixed-citation><mixed-citation xml:lang="en">NIST SP 800-86. Integrating Forensic Techniques into Incident Response. Gaithersburg: NIST, 2006.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">CMU/SEI-2004-TR-015. Defining incident management processes for Critical Insident Stress Response Team. CMU/SEI, 2004.</mixed-citation><mixed-citation xml:lang="en">CMU/SEI-2004-TR-015. Defining incident management processes for Critical Insident Stress Response Team. CMU/SEI, 2004.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27001:2005. Information security management systems - Requirements. ISO/IEC, 2005.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27001:2005. Information security management systems - Requirements. ISO/IEC, 2005.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27002:2005. Information technology - Security techniques - Code of practice for Information security management. ISO/IEC, 2005.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27002:2005. Information technology - Security techniques - Code of practice for Information security management. ISO/IEC, 2005.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity. ISO/IEC, 2011.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity. ISO/IEC, 2011.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27005:2018. Information technology - Security techniques - Information security risk management. ISO/IEC, 2018.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27005:2018. Information technology - Security techniques - Information security risk management. ISO/IEC, 2018.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27001:2013. Information security management systems - Requirements. ISO/IEC, 2013.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27001:2013. Information security management systems - Requirements. ISO/IEC, 2013.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Царегородцев А. В. Критичные вопросы оперативного и организационно-технического управления информационной безопасностью облачных вычислений // Национальная безопасность. Nota bene. 2011. № 6 (17). С. 11-17.</mixed-citation><mixed-citation xml:lang="en">Царегородцев А. В. Критичные вопросы оперативного и организационно-технического управления информационной безопасностью облачных вычислений // Национальная безопасность. Nota bene. 2011. № 6 (17). С. 11-17.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27002:2013. Information technology - Security techniques - Code of practice for Information security management. ISO/IEC, 2013.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27002:2013. Information technology - Security techniques - Code of practice for Information security management. ISO/IEC, 2013.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">BS 7799-1:1995. Code of Practice for Information Security Management. London: British Standards Institution, 1995.</mixed-citation><mixed-citation xml:lang="en">BS 7799-1:1995. Code of Practice for Information Security Management. London: British Standards Institution, 1995.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 17799:2005. Information technology - Code of practice for information security management. ISO/IEC, 2005.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 17799:2005. Information technology - Code of practice for information security management. ISO/IEC, 2005.</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">BS 7799-2:1999. Information security management, Specification for information security management systems. London: British Standards Institution, 1999.</mixed-citation><mixed-citation xml:lang="en">BS 7799-2:1999. Information security management, Specification for information security management systems. London: British Standards Institution, 1999.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">BS 7799-3. Information security management systems. Guidelines for information security risk management. London: British Standards Institution.</mixed-citation><mixed-citation xml:lang="en">BS 7799-3. Information security management systems. Guidelines for information security risk management. London: British Standards Institution.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27005:2008. Information technology - Security techniques - Information security risk management. ISO/IEC, 2008.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27005:2008. Information technology - Security techniques - Information security risk management. ISO/IEC, 2008.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">MEHARI. CLISIF, 2016.</mixed-citation><mixed-citation xml:lang="en">MEHARI. CLISIF, 2016.</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 20000:2011. Information technology - Service management. ISO/IEC, 2011.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 20000:2011. Information technology - Service management. ISO/IEC, 2011.</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 20000:2018. Information technology - Service management. ISO/IEC, 2018.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 20000:2018. Information technology - Service management. ISO/IEC, 2018.</mixed-citation></citation-alternatives></ref><ref id="cit24"><label>24</label><citation-alternatives><mixed-citation xml:lang="ru">COBIT 5. ISACA, 2012.</mixed-citation><mixed-citation xml:lang="en">COBIT 5. ISACA, 2012.</mixed-citation></citation-alternatives></ref><ref id="cit25"><label>25</label><citation-alternatives><mixed-citation xml:lang="ru">Об информации, информационных технологиях и о защите информации: Федеральный закон от 27 июля 2006 г. №149-ФЗ.</mixed-citation><mixed-citation xml:lang="en">Об информации, информационных технологиях и о защите информации: Федеральный закон от 27 июля 2006 г. №149-ФЗ.</mixed-citation></citation-alternatives></ref><ref id="cit26"><label>26</label><citation-alternatives><mixed-citation xml:lang="ru">О персональных данных: Федеральный закон от 27 июля 2006 г. №152-ФЗ.</mixed-citation><mixed-citation xml:lang="en">О персональных данных: Федеральный закон от 27 июля 2006 г. №152-ФЗ.</mixed-citation></citation-alternatives></ref><ref id="cit27"><label>27</label><citation-alternatives><mixed-citation xml:lang="ru">Рекомендации в области стандартизации Банка России «Обеспечение информационной безопасности организаций банковской системы Российской Федерации. Менеджмент инцидентов информационной безопасности»: РС БР ИББС-2.5-2014. Банк России, 2014.</mixed-citation><mixed-citation xml:lang="en">Рекомендации в области стандартизации Банка России «Обеспечение информационной безопасности организаций банковской системы Российской Федерации. Менеджмент инцидентов информационной безопасности»: РС БР ИББС-2.5-2014. Банк России, 2014.</mixed-citation></citation-alternatives></ref><ref id="cit28"><label>28</label><citation-alternatives><mixed-citation xml:lang="ru">ГОСТ ИСО/МЭК 18044-2007. Информационная технология - Методы и средства обеспечения безопасности - Менеджмент инцидентов информационной безопасности. М.: Стандартинформ, 2009.</mixed-citation><mixed-citation xml:lang="en">ГОСТ ИСО/МЭК 18044-2007. Информационная технология - Методы и средства обеспечения безопасности - Менеджмент инцидентов информационной безопасности. М.: Стандартинформ, 2009.</mixed-citation></citation-alternatives></ref><ref id="cit29"><label>29</label><citation-alternatives><mixed-citation xml:lang="ru">PCI DSS v 3.2:2016. PCI Security Standards Council, 2016.</mixed-citation><mixed-citation xml:lang="en">PCI DSS v 3.2:2016. PCI Security Standards Council, 2016.</mixed-citation></citation-alternatives></ref><ref id="cit30"><label>30</label><citation-alternatives><mixed-citation xml:lang="ru">Мещеряков Р. В., Исхаков С. Ю. О проблемах анализа данных в системах управления инцидентами безопасности роботов // Труды 8-й Всероссийской научной конференции с международным участием «Информационные технологии и системы», Ханты-Мансийск, 2020. С. 108-114.</mixed-citation><mixed-citation xml:lang="en">Мещеряков Р. В., Исхаков С. Ю. О проблемах анализа данных в системах управления инцидентами безопасности роботов // Труды 8-й Всероссийской научной конференции с международным участием «Информационные технологии и системы», Ханты-Мансийск, 2020. С. 108-114.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
