Vladimir Ershov – Associate Professor, Department of Business Informatics, Institute of Economics, Kostroma State University.
Address: 14, 1 Maya str., Kostroma, 156002, Russian Federation.  
E-mail: yvn@mail.ru

Polina Smirnova – Student of MSc Program, Department of Business Informatics, Institute of Economics, Kostroma State University.
Address: 14, 1 Maya str., Kostroma, 156002, Russian Federation.  
E-mail: perovapol@gmail.com

This article is focused on personal data protection methodology and practices used in Russia which are derived from Federal Law "On Personal Data". This area substantially lacks detailed studies and analyses of personal data protection practices. Comments on the Law itself are also ambiguous and unclear. All this adds trouble and risk to operators of personal data who are left on their own on how to respond, and have to solve arising problems on the spot.

In this conjuncture, the object of this work is to review existing practices described in formal and informal standards and guidance materials in the area of personal data protection, and to develop missing aspects of personal data protection methodology.

The key concept of an advanced personal data protection system is the principle of generating an intruder model with the help of which the process of threat structuring may be implemented. However, there is no method for building such a model. Therefore, the article also proposes a method for configuring an intruder model for a personal data protection IT system on the basis of a review of existing standards and guidance materials, and through modification of existing methods. The model enables a detailed review of a threat and an assessment of probability of its fulfillment by all reasonably relevant groups of intruders. Relevant security threats should be selected on the basis of assessed probability of fulfillment of one and the same threat by all possible groups of intruders, i.e. in view of the predominant threat sources. To introduce an intruder model to a standard method, it is suggested that the parameter of threat emergence probability should be substituted with corresponding indicator of the probability of actual threat fulfillment by the intruder. Choice and systematization of actual threats may be most efficiently performed on the basis of multidimensional data presentation in the form of hypercube.