International Journal of Open Information Technologies

The article describes a database containing a set of information security controls to automate the process of implementing an information security management system (ISMS). Author justifies the structure of the database of information security controls, using which it is possible to carry out the design of an appropriate ISMS and design a formal ontology of the subject area. The solution is based on the clauses of the international standard ISO/IEC 27002:2022 and the results of analysis of the attributes of information security measures specified in ISO/IEC 27002:2022.  The database is designed within a relational data model and provided with a graphical interface for user interaction. MS Access is used as the database management system. Interactive functionality of the database is implemented in the VBA programming language, as well as using built-in MS Access elements. SQL syntax is used to generate queries. The novelty of the database involves the use of a two-level graphical interface and the implementation of features to select information security controls based on the specified filters.  The proposed solution allows to automate the process of building an ISMS. Parts of the solution were registered as intellectual property objects in Russian patent and trademark office (Rospatent).

GOST R ISO/IEC 27002-2021. Information technology — Security techniques — Code of practice for information security controls. – Standardinform publ., 2021. Available at: https://protect.gost.ru/v.aspx?control=8&id=230363

ISO/IEC 27002:2022. Information security, cybersecurity and privacy protection — Information security controls. Available at: https://www.iso.org/ru/standard/75652.html

D. S. Burenok and V. A. Voevodin, "The information security controls database in accordance with ISO/IEC 27002:2022" RF certificate of state registration of a database, no. 2023620576, 2023.

D. S. Burenok and V. A. Voevodin, "The program for multi-criteria selection of information security controls in accordance with ISO/IEC 27002" RF certificate of state registration of a computer program, no. 2023619749, 2023.

V. V Rubanov, Sposoby otobrazheniya ob"ektov v relyatsionnykh bazakh dannykh. Trudy ISP RAN, no. 3, 2002, pp. 139-164.

J. Korol, Microsoft Access 2019 Programming by Example with VBA, XML, and ASP. Mercury Learning and Information, 2019. ISBN: ‎ 1683924037.

GOST R ISO/IEC 27001-2021. Information technology — Security techniques — Information security management systems — Requirements. – Standardinform publ., 2022. Available at: https://protect.gost.ru/v.aspx?control=8&id=231601

D. S. Burenok. The information security controls database in accordance with ISO/IEC 27002:2022// 30-ya Vserossiiskaya mezhvuzovskaya nauchno-tekhnicheskaya konferentsiya studentov i aspirantov “Mikroelektronika i informatika-2023”, 20 – 21 apr., 2023, Zelenograd.