Извините, этот техт доступен только в “Американский Английский”. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.
CLASSIFICATION OF PERSONAL DATA SECURITY THREATS IN INFORMATION SYSTEMS
Vladimir A. Dokuchaev, MTUCI, Moscow, Russia, v.dok@tlsf.ru
Victoria V. Maklachkova, MTUCI, Moscow, Russia, v.maklachkova@tlsf.ru
Vyacheslav Yu. Statev, JSC «RZD», Moscow, Russia, svu@rnt.ru
Abstract
The purpose of this work is to analyze and classify threats that arise when working with personal data in information systems. In the field of information technology in any country, one of the national interests is to ensure and protect the constitutional rights and freedoms of man and citizen in so far as it relates to the receipt and use of information, as well as confidentiality when using information technologies. In this regard, special attention is currently being paid to the organization of processing and ensuring the security of personal data in information systems, including during their cross-border transfer. In the European Union, this activity is regulated by the General Data Protection Regulation (GDPR), which was put into effect on May 25, 2018. Personal data are in a high-risk area, especially in organizations that operate with large amounts of personal data, such as passport data, solvency data, employers, contact details, phone numbers, addresses, email, and other information that represents interest for potential computer attacks. The solution to the problem of ensuring the security of personal data is impossible without identifying and classifying potential threats to personal data in information systems. The proposed classification can serve as the basis for a threat model of a specific information system designed to process personal data.
Keywords: Personal Data, Information, Security, Threats, Risks, Information Systems, Classification.
References
- Dokuchaev V.A., Gorban E.V., Maklachkova V.V. (2019). The system of indicators for risk assessment in high-loaded infocommunication systems. Сonference proceedings “2019 Systems of Signals Generating and Processing in the Field of on Board Communications”.
- Dokuchaev V.A., Gorban E. V., Maklachkova V.V. (2018). Architecture of the Regional Transport Navigation and Information Systems”. Сonference proceedings “2018 System of Signals Generating and Processing in the Field of on Board Communications”.
- Vladimirova K.S., Dokuchaev V.A., Maklachkova V.V. (2018). Classification of personal data subject to automated processing”. XVI International Scientific and Practical Conference “Actual problems and prospects economic development”. Simferopol-Gurzuf, October 19-21, 2018.
- Dokuchaev V.A., Maklachkova V.V. (2017). Risk analysis for personal data processing in the enterprise information system”. XVI International Scientific and Practical Conference “Actual problems and prospects economic development”. Simferopol-Gurzuf, October 19-21, 2017.
- Dokuchaev V.A., Mitenkov S.S., Statev V.Y. (2017). Audit and risk management in corporate information and communication systems”. XVI International scientific and practical conference “Actual problems and prospects economic development” (Simferopol-Gurzuf, October 19-21, 2017), pp. 37-38.
- ISO 31000:2018. Risk management – Guidelines.
Information about authors:
Vladimir A. Dokuchaev, DSc (Tech), Professor, Head of the Department «Multimedia Communication Networks and Services» MTUCI, Moscow, Russia
Victoria V. Maklachkova, Senior Lecturer of the Department «Multimedia Communication Networks and Services» MTUCI, Moscow, Russia
Vyacheslav Yu. Statev, PhD, Head of the Department, JSC «RZD», Moscow, Russia