Information Security Management of Integrated Structure Organization based on a Dedicated Server with Container Virtualization
Abstract
Introduction: There is a contradiction between the requirements of international standards on internal and external communication about quality management system issues and the need to preserve system integrity during planning or reconfiguration under cyberattack.

Purpose: To develop an approach to information security management in which the documented information of the quality management system is controlled to ensure its accessibility, as well as its protection from loss of confidentiality, misuse, or loss of integrity.

Results: A method of information security management is proposed, based on adding a dedicated server to the demilitarized zone of a computer network. The method uses virtual container technology to deploy a virtual copy of the real network, including its network services. Attackers who interact with the server presume that they are interacting with the real network. The network administrator analyzes the attackers' actions in real time and obtains information about their priority targets, the tools they use, and the vulnerabilities of the network elements. This allows the administrator to quickly take measures to increase network security and avoid compromise of the network.

Practical relevance: This approach makes it possible to maintain the operability of a quality management system at the required level, taking into account the growing number of threats and the scaling of and changes to the network under cyberattack.