• A
  • A
  • A
  • ABC
  • ABC
  • ABC
  • А
  • А
  • А
  • А
  • А
Regular version of the site

Student
Title
Supervisor
Faculty
Educational Programme
Final Grade
Year of Graduation
Yury Svirko
Building a System of Information Security Software for the Enterprise
Business Informatics
(Bachelor’s programme)
8
2016
Development of information technologies and global informatization of society creates both positive, and negative results. Increase in amount of information and information streams in society leads to perfection of many processes, development and improvement of interaction, but also gives rise to new threats and new type of malefactors which operate with virtual data.

In order to give a detailed answer to the question "how to build a system of information security software for the enterprise to protect it and the data from malefactors", we have to consider both technical aspects of information system and standards and legal aspects of information security in the territory of the Russian Federation.

In order to solve the set of objectives I chose the medical industry (private dental clinic ООО «Ладент VIP») because not every establishment has an appropriate information security system. This is aggravated with the fact that even without the audit of system of the enterprise, it is possible to tell that the most part of information systems of similar clinics is classified as ИСПДн К1 that imposes certain restrictions based on Federal laws which mention the appropriate level of information security and the technical measures applied.

In this paper, an analysis of the information system of «Ладент VIP» has been carried out. As a result of this analysis, multiple vulnerabilities of the system of information security has been found out: vulnerabilities of authentication, differentiation of access rights of users as well as lack of control of passwords. As a solution on improvement of an information security system of the enterprise, I purposed the following points:

• usage of electronic keys eToken in order to improve the authentication process as well as a tool of passwords control;

• protection of infromation from illegal access and usage of security log with the aid of СЗИ «Аура 1.2.4»;

• improvements in anti-virus protection system.

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.

Search all student theses