The strategic model of security analysis in the national information network of I.R. Iran
Document Type : Original Article
Authors
1 lecturer in Supreme National Defense University
2 PhD in Supreme National Defense University
Abstract
The National Information Network of the Islamic Republic of Iran is considered a rule of the country in cyber space, and not only is comparable to other dominations of the country in land, air, marine and spatial areas, due to the dependence of the vital infrastructure of the country to this space, irrelevant and diversity, plurality, and The complexity of technologies is of great importance and the use of a suitable strategic model for its security analysis will be necessary. The present research will address this important and analyzed and analyzed related documentation, significant factors (dimensions, components and indicators) the conceptual model and model has been drawn. In order to inform the conceptual model, a questionnaire was adjusted based on the Likert spectrum and provided 30 experts (paper and electronic) and ultimately 26 questionnaires were collected. In order to accurately infer the statistical results, structural equation modeling with partial least squares method (PLS) was used in SmartPLS software for analyzing research data. The results showed that security analysis should be observed in four steps (related to each other and feedback), observing and prevention, Discovery and direction, decision-making for response and ultimately action (reaction) and prediction (analysis), under centralized management "Center for Coordination, Control, Monitoring and Evaluation" (according to the integration of the Vincent Landers model and Gartner's compatible security architecture) and the kidney The results and feedback of the pattern should also be analyzed and continuous evaluation. To realize this, it is necessary that the two centers "of the security analysis of the National Information Network of Information (Analysis and Presidation of Requirements)" and "coordination, control, monitoring and evaluation (feedback, analysis, evaluation of results, reforming processes and communities Control commands) are considered (research innovations) to prepare for processing processes, promote security and control commands.
Keywords
فهرست منابع و مآخذ
الف- منابع فارسی
- آذر، عادل؛ غلامزاده، رسول؛ قنواتی، مهدی (۱۳۹۱)، مدلسازی مسیری، ساختاری در مدیریت: انتشارات نگاه دانش.
- تقیپور، رضا؛ خالقی، محمود؛ رامک، مهراب (۱۳۹۹)، الگوی معماری و تحلیل امنیت شبکه ملی سایبری جمهوری اسلامی ایران، دانشگاه عالی دفاع ملی: دانشگاه عالی دفاع ملی.
- خالقی، محمود (۱۳۹۳)، راهنمای برآورد تهدید سایبری کشور، تهران: مرکز پدافند سایبری کشور.
- خالقی، محمود (۱۳۹۱)، مأموریتها، ساختار تشکیلات و شرح وظایف قرارگاه پدافند سایبری کشور: مرکز پدافند سایبری کشور.
- داوری، علی؛ رضا زاده، آرش (۱۳۹۲)، مدلسازی معادلات ساختاری با نرمافزار PLS. تهران: جهاد دانشگاهی.
- سرتیپ ستاد محمود رستمی (۱۳۸۶)، فرهنگ واژههای نظامی.
- مؤمنی، منصور (۱۳۹۲)، مدل سازی معادلات ساختاری با تأکید بر سازههای بازتابنده و سازنده: گنج شایگان.
- مجمع تشخیص مصلحت نظام (۱۳۷۷)، سیاستهای کلی نظام در بخش شبکههای اطلاعرسانی رایانهای: مجمع تشخیص مصلحت نظام.
- محسنین، شهریار؛ اسقیدانی، محمدرحیم (۱۳۹۳)، معادلات ساختاری مبتنی بر رویکرد حداقل مربعات جزیی به کمک نرم افزار ُSmartPLS. تهران: مؤسسه کتاب مهربان نشر.
- مرکز آموزشی و پژوهشی شهید صیاد شیرازی (۱۳۸۴)، فرهنگ واژههای نظامی و مرتبط.
- مرکز ملی فضای مجازی (۱۳۹۹)، مرکز ملی فضای مجازی. بازیابی 1 تیر 2021، از http://www.majazi.ir/
ب- منابع لاتین
- Bartholomees, J. Boone (ed.). (2010). The U.S. Army War College guide to national security issues Volume 1 (4th ed, Vol. 1). Carlisle, PA: Strategic Studies Institute, U.S. Army War College.
- Fahrurozi, Muhammad; Tarigan, Soli Agrina; Tanjung, Marah Alam; & Mutijarsa, Kusprasapta. (2020). The Use of ISO/IEC 27005: 2018 for Strengthening Information Security Management (A Case Study at Data and Information Center of Ministry of Defence). In 2020 12th International Conference on Information Technology and Electrical Engineering (ICITEE) (pp. 86–91). IEEE.
- INTERNATIONAL TELECOMMUNICATION UNION. (2004). ITU-T Recommendation X.805: Security architecture for systems providing end-to-end communications. INTERNATIONAL TELECOMMUNICATION UNION.
- ISO/IEC TR 13335-1. (2004). Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technology security management.
- ITU, Frederick Wamala. (2011). ITU NATIONAL CYBERSECURITY STRATEGY GUIDE.
- Klimburg, Alexander; & NATO. (2012). National cyber security framework manual.
- Moscow State University. (2014). Russia-U.S. Bilateral on cybersecurity - critical terminology foundations. Moscow State University.
- Schweizerische, SNV. (2013). Information technology-Security techniques-Information security management systems-Requirements. ISO/IEC International Standards Organization.
- (2010). The United States Army’s Cyberspace Operations Concept Capability Plan 2016–2028. TRADOC.
- van der Meulen, Rob. (2017). Build Adaptive Security Architecture Into Your Organization - Smarter With Gartner. Retrieved May 13, 2019, from https://www.gartner.com/smarterwithgartner/build-adaptive-security-architecture-into-your-organization/
- Wamala, Frederick. (2011). ITUNationalCybersecurityStrategyGuide.pdf. ITU.
- ZEVIN, SUSAN. (2004). FIPS PUB 199: Standards for Security Categorization of Federal Information and Information Systems. INFORMATION TECHNOLOGY LABORATORY.
)