Forming the Abilities of Designing Information Security Maintenance Systems in the Implementation of Educational Programmes in Information Security

  • Vladimir Budzko
  • Natalia Miloslavskaya
  • Alexander Tolstoy
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 531)


The paper shares NRNU MEPhI’s experience in forming the abilities to design Information Security Maintenance Systems (ISMaS) in training Bachelors, Masters and Engineers in the field of Information Security (IS). It is proposed to form their abilities and teamwork skills through a course project executed by a team of students under the supervision of their Professor within the framework of the “IS Management” discipline. Course projects help to reinforce the students’ theoretical knowledge and develop their ability to apply this knowledge to the solution of practical problems. They are assigned on a group basis and in our case are aimed at designing the ISMaS of a particular object that automates the implementation of a separate organization’s process. A brief description of the process model for ensuring IS of such objects is given, and the regulations for implementing the course project are presented in detail, indicating the types of abilities that are gained at each stage.


Information security; Professional competencies; Abilities; System; Processes; Educational programme



This work was supported by the MEPhI Academic Excellence Project (agreement with the Ministry of Education and Science of the Russian Federation of August 27, 2013, project no. 02.a03.21.0005).



Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Vladimir Budzko (1)
  • Natalia Miloslavskaya (1)
  • Alexander Tolstoy (1)
  1. The National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), Moscow, Russia
