The Methodology of Information Security System Development

Today term “information” is a basic element of most modern technologies, because information is the main resource that provides existence of these technologies. By this way, information is valuable and expensive assets for many companies. However, its high value initiates the growth of the number of enemies who try to get information by various illegal ways. It is necessary to ensure information security to prevent this type of attacks. A great count of regulatory and methodological documents, which may be used as a guide for development of information security system, exists. Nevertheless, the regulatory and methodical documents refer for other additional ones they do not take account of changes, which were made to the regulatory base. For this reason, this work combines the requirements and guidance of current state standards. It is not a replication of state standards, but it shows results of this standards analysis and recommendations of experts in information security sphere. Besides, existing in some standards shortcomings are considered and corrected in this work. Described methodical recommendations focus Customers’ and Developers’ attention on the main and most important processes of development of information security system. This work is methodological recommendations for development of information security system in organization. It takes into account standards actual on Russian Federation territory regulatory and methodical documents. Received methodological recommendations does not burden Developers by search of required documentation that makes them easier for understanding.