Towards Modelling Information Security with Key-Challenge Petri Nets

Developing an Information Security Risk Taxonomy and an Assessment Model using Fuzzy Petri Nets

Journal of Cases on Information Technology ◽

10.4018/jcit.2018070104 ◽

2018 ◽

Vol 20 (3) ◽

pp. 48-69

Author(s):

Dhanya Pramod ◽

S. Vijayakumar Bharathi

Keyword(s):

Risk Assessment ◽

Information Security ◽

Petri Nets ◽

Assessment Model ◽

Unique Contribution ◽

Security Risk ◽

Fuzzy Petri Nets ◽

Information Security Risk ◽

Security Risk Assessment ◽

Risk Taxonomy

In the digital era, organization-wide information security risk assessment has gained importance because it can impact businesses in many ways. In this article, the authors propose a model to assess the information security risk using Fuzzy Petri Nets (FPN). Deeply rooted in the OCTAVE framework, this research presents a taxonomy of risk practice areas and risk factors. The authors apply the constituents of the taxonomy to risk assessment through a well-defined FPN model. The primary motive of the article is to extend the usability of FPNs to newer and less explored domains like audit and evaluation of information security risks. The unique contribution of this article is the definition and development of a comprehensive and measurable model of risk assessment and quantification. The model can also serve as a tool to capture the risk perception of the respondents for validating the criticality of risk and facilitate the top management to invest in information security control eco-system judiciously.

Download Full-text

MODELING, ANALYSIS AND COUNTERING SCENARIOS OF INFORMATION SECURITY THREATS ON CORPORATE DISTRIBUTED COMPUTER SYSTEMS

ИНФОРМАЦИЯ И БЕЗОПАСНОСТЬ ◽

10.36622/vstu.2021.24.1.006 ◽

2021 ◽

pp. 63-72

Author(s):

Алексей Леонидович Сердечный ◽

Артем Александрович Шевелюхин ◽

Михаил Андреевич Тарелкин ◽

Александр Вильямович Бабурин

Keyword(s):

Information Security ◽

Petri Nets ◽

Computer Systems ◽

Model Development ◽

Security Threats ◽

Security Measures ◽

Protection Measures ◽

Modeling Analysis ◽

Computer Attacks ◽

Distributed Computer Systems

В настоящей статье представлены результаты моделирования способов реализации компьютерных атак на корпоративные распределенные компьютерные системы. Предложенные модели способов предназначены для формирования методического обеспечения расчета рисков и выявления оценки защищенности таких систем от актуальных сценариев реализации угроз безопасности информации, которое даёт возможность обоснованного выбора мер защиты. Построение моделей способов реализации компьютерных атак осуществлялось с использованием аппарата сетей Петри на основании сведений, содержащихся в базе данных MITRE ATT&CK. Разработанные модели взаимосвязаны по условиям и последствиям реализации основных технических приёмов, определённых в базе данных ATT&CK и актуальных для корпоративных распределённых компьютерных сетей (условия и последствия моделируются позициями сети Петри, а сами технические приёмы - переходами сети Петри). Также в статье продемонстрирована возможность наращивания модели за счёт включения в неё моделей мер защиты, используемых в нормативных и методических документах ФСТЭК России. This article presents the results of modeling computer attack methods on corporate distributed computer systems. The proposed models of methods are intended for the formation of methodological support for calculating risks and identifying the assessment of the security of such systems from current scenarios of information security threats, which makes it possible to choice of informed security measures. The model development of ways to implement computer attacks was carried out using the Petri nets approach based on the information contained in the MITRE ATT&CK database. The developed model is interconnected on the conditions and consequence of the basic techniques defined in the database ATT&CK and relevant for enterprise distributed computer networks (conditions and consequence are simulated positions Petri nets themselves and techniques - transitions Petri nets). In addition, the article demonstrates the possibility of increasing the model by including models of protection measures against the considered methods of implementing computer attacks, defined in the regulatory and methodological documents of the FSTEC of Russia

Download Full-text

MODELING OF ACTIONS OF THE VIOLATOR OF INFORMATION SECURITY OF THE ENTERPRISE WITH THE USE OF PETRI NETS

ZAVALISHENSKY READING’20 ◽

10.31799/978-5-8088-1446-2-2020-15-317-320 ◽

2020 ◽

Author(s):

T. N. Yelina ◽

◽

V. A. Mylnikov ◽

Keyword(s):

Information Security ◽

Petri Nets

Download Full-text

Petri nets

AccessScience ◽

10.1036/1097-8542.yb021270 ◽

2015 ◽

Keyword(s):

Petri Nets

Download Full-text

Modeling behavior and performance of air traffic controllers using coloured petri nets

PsycEXTRA Dataset ◽

10.1037/e557102013-034 ◽

2012 ◽

Cited By ~ 1

Author(s):

Hardy Smieszek

Keyword(s):

Petri Nets ◽

Air Traffic ◽

Coloured Petri Nets ◽

Air Traffic Controllers ◽

And Performance ◽

Modeling Behavior

Download Full-text

Computer and information security culture: Findings from two studies

PsycEXTRA Dataset ◽

10.1037/e577452012-006 ◽

2005 ◽

Author(s):

Sara Kraemer ◽

Pascale Carayon

Keyword(s):

Information Security ◽

Security Culture ◽

Information Security Culture

Download Full-text

Modeling Human-Robot Interaction with Petri-Nets

PsycEXTRA Dataset ◽

10.1037/e578522012-052 ◽

2009 ◽

Cited By ~ 1

Author(s):

Rosemarie Yagoda ◽

Michael D. Coovert

Keyword(s):

Petri Nets ◽

Human Robot Interaction ◽

Robot Interaction

Download Full-text

ESPNET: expert-system-based simulator of Petri nets

IEE Proceedings D Control Theory and Applications ◽

10.1049/ip-d.1988.0033 ◽

1988 ◽

Vol 135 (4) ◽

pp. 239 ◽

Cited By ~ 12

Author(s):

J. Duggan ◽

J. Browne

Keyword(s):

Expert System ◽

Petri Nets

Download Full-text

Information Security Management of a Commercial Enterprise

Central Ukrainian Scientific Bulletin. Economic Sciences ◽

10.32515/2663-1636.2019.3(36).219-228 ◽

2019 ◽

pp. 219-228

Author(s):

Volodymyr Panchenko ◽

Keyword(s):

Information Security ◽

Security Management ◽

Information Security Management ◽

Commercial Enterprise

Download Full-text

The formation of information security culture of college students

Informatics and Education ◽

10.32517/0234-0453-2019-34-9-29-36 ◽

2019 ◽

pp. 29-36

Author(s):

I. D. Rudinskiy ◽

D. Ya. Okolot

Keyword(s):

College Students ◽

Information Security ◽

Information Society ◽

Technical Aspect ◽

Data Sources ◽

Structural Components ◽

Security Culture ◽

The Individual ◽

Information Security Culture ◽

Ability And Willingness

The article discusses aspects of the formation of information security culture of college students. The relevance of the work is due to the increasing threats to the information security of the individual and society due to the rapid increase in the number of information services used. Based on this, one of the important problems of the development of the information society is the formation of a culture of information security of the individual as part of the general culture in its socio-technical aspect and as part of the professional culture of the individual. The study revealed the structural components of the phenomenon of information security culture, identified the reasons for the interest in the target group of students. It justifies the need for future mid-level specialists to form an additional universal competency that ensures the individual’s ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources. As a result of the study, recommendations were formulated on the basis of which a culture of information security for college students can be formed and developed and a decomposition of this process into enlarged stages is proposed. The proposals on the list of disciplines are formulated, within the framework of the study of which a culture of information security can develop. The authors believe that the recommendations developed will help future mid-level specialists to master the universal competency, consisting in the ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources, as well as to correctly access the necessary information and its further legitimate use, which ultimately forms a culture of information security.

Download Full-text