Abstract:
The paper analyzes the parameters of the data processing and granting the rights of access to them at the educational institutions. The vulnerabilities in organization and control of granting the access are revealed. The model of formalization of control of the access rights of the users in accordance with their functional duties, including monitoring the use of the granted rights is presented. The notions as "sample of user’s behavior" and "level of trust for user" are introduced. The main approaches and algorithms, the structure of data base for supplement development are described; they are the basis of designing the subsystem of access control, updating the system of information security.
Keywords:educational institutions, information security, access control, audit, job description.
Fulltext:
PDF file (592 kB)