Abstract
This paper justifies the relevance of the reliable protection of information and the development of measures to reduce information risks in libraries with comprehensive information resources. A brief description of the objects of protection and the main threats, including those that are related to the processing of personal data, is provided. It is alleged that analysis of models of the business processes of a library makes it possible to track the impacts of changes on many aspects of information security. The position of the information system for security analysis of the business process in the overall system of information security is determined. Steps for the formalization and updating of the rights of access to information resources of a library are illustrated. It is emphasized that the basic document for information-security risk management is a threat model that reflects the data on sources of threats and vulnerabilities of the system, impacted objects, and a number of other parameters. A block diagram that illustrates the process of analyzing the threats and vulnerabilities and a knowledge meta-model for the management of information-security risks are provided. It is concluded that based on the relationship of business processes that are reflected in a formal notation it is possible to automatically obtain the data on the degree of influence of security aspects of information objects of a particular sub-process on the results of business processes of a higher level, and as a result, on the achievability of the purposes of an organization.
Similar content being viewed by others
References
Chernykh, O., Information services and the organization of the market using Internet technologies. http://citforum.ru/abtec/s2/3.shtm. Cited June 22, 2015.
Kulikov, L.V., Prakticheskoe rukovodstvo po razvitiyu obshchedostupnykh munitsipal’nykh bibliotek: normativnyi podkhod (Practical Guide to the Development of Public Municipal Libraries: Regulatory Approach), St. Petersburg: RBV, RNB, 2010.
Medyankina, I.P., Distance learning technologies: Study of Information Needs of Students, Vestn. NGUEU, 2012, no. 1, pp. 236–246.
Medyankina, I.P. and Bobrov, L.K., University library in distance education: The use of elements of the Logical Framework Analysis, Nauchn. Tekh. Bibl., 2009, no. 12, pp. 5–11.
World history of infections. http://lenta.ru/articles/2014/11/18/virus/. Cited June 12, 2015.
Internet: figures and facts (3). http://www.bizhit.ru/index/digital_internet_3/0-563. Cited June 12, 2015.
Evgeny Kaspersky on trends in information security. http://www.it-weekly.ru/market/security/74418.html. Cited June 12, 2015.
Kaspersky Security Bulletin 2014. https://securelist.ru/files/2014/12/Kaspersky-Security-Bulletin-2014-RU.pdf. Cited May 12, 2015.
The Digital World in 2025. http://beta.futureview.ru/files/documents/505966f4379ce1000000001c.pdf. Cited June 10, 2015.
Antipov, G., Guzner, I.A., Donskikh, O.A., Ermolenko, S.M., Ivonin, Yu.P., Isakov, S.P., Lesnevskii, Yu.Yu., Lizunova, I.V., Litvintseva, G.P., Makarova, N.I., Muratov, P.D., Os’muk, L.A., Sivirinov, B.S., Smirnova, O.V., et al., Round table: Are libraries without books the inevitability of the future? Idei i Idealy, 2011, vol. 1, no. 2, pp. 2–22.
Svergunova, N.M., Information security of libraries. http://library.gu-unpk.ru/docs/publ_sotr/Informacionnay%20bezopasnosti.pdf. Cited June 4, 2015.
Rodionova, Z.V., Technology of access rights change management based on analysis of business processes, Vestn. NGUEU, 2011, no. 1, pp. 16–21.
Pestunova, T.M. and Rodionova, Z.V., Information system for managing access rights on the basis of analysis of business processes. Part 2, Dokl. Tomsk. Gos. Univ. Sist. Upr. Radioelektron., 2010, no. 2 (22), pp. 253–256.
Pestunova, T.M., Rodionova, Z.V., and Gorinova, S.D., Analysis of aspects of information security based on formal models of business processes, Dokl. TUSUR, 2014, pp. 150–156.
Astakhov, A.M., Iskusstvo upravleniya informatsionnymi riskami (Art of Information Risk Management), Moscow: DMK-Press, 2010.
Author information
Authors and Affiliations
Corresponding author
Additional information
Original Russian Text © Z.V. Rodionova, L.K. Bobrov, 2016, published in Nauchno-Technicheskaya Informatsiya, Seriya 1, 2016, No. 1, pp. 21–29.
About this article
Cite this article
Rodionova, Z.V., Bobrov, L.K. Protection of the information resources of a library based on analysis of business processes. Sci. Tech.Inf. Proc. 43, 20–27 (2016). https://doi.org/10.3103/S0147688216010032
Received:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0147688216010032