RISK ACCEPTANCE ALGORITHM IN INFORMATION SYSTEMS
Abstract
The security of information systems in higher education institutions is critical because cyberattacks targeting personal data and critical infrastructure are growing in complexity and coordination. This study examines the requirements for protecting personal data within the information systems of DonNTU, emphasizing compliance with Russian regulatory standards such as the FSTEC guidelines and the fourth level of security (UZ-4). A multi-layered protection architecture is proposed, covering user access control, application-level security, system software, and network infrastructure. The research introduces an algorithm for assessing asset vulnerabilities based on threat likelihood and existing safeguards, together with an algorithm for determining acceptable risk levels, in which the acceptable level is set by expert groups so as to balance protection costs against asset value. Key protection measures include multi-factor authentication, data encryption, regular backups, and anomaly detection, which together preserve data integrity, confidentiality, and availability. The study also highlights the importance of import substitution to reduce reliance on foreign technologies amid geopolitical constraints. Quantitative vulnerability assessments are derived from statistical data and weighted coefficients that evaluate threat frequency and protection efficacy. Future research directions include enhancing domestic security tools and refining risk assessment methodologies to address evolving cyber threats, ensuring robust protection for the information systems of educational institutions.

Keywords:
personal data protection, import substitution, asset vulnerability assessment, acceptable risk