Analysis of Information Threats to Industrial Security

2020 ◽  
pp. 6-10
Author(s):  
Grigory Zharkov ◽  
◽  
Vadim Shevtsov ◽  

Information security of an enterprise (IS of an enterprise) is the state of security of data, objects of informatization of an enterprise and its interests. IS of an enterprise is achieved only when the basic properties of IS are met: confidentiality, integrity and availability of information and of the technical component of the enterprise involved in technological processes. Ensuring IS of an enterprise is effective only with a systematic and comprehensive approach to protection. The information security system should take into account all current information threats and vulnerabilities. Information security threats are analyzed to determine the full set of requirements for the developed security system. A threat is considered relevant if it can be implemented in the information system of the enterprise and poses a threat to information with limited access. It is shown that the list of threats to information security of an industrial enterprise is very wide and is not limited to those considered in this article. It is very important to maintain a high level of enterprise information security, especially at critical information infrastructure facilities.

Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata

In this article, the research of information system protection by analyzing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techniques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the determination of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerability (vulnerability assessment), Threat (threat assessment), Control (assessment of security measures). The methodology includes a common CVSS vulnerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system.
The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.


2018 ◽  
Vol 18 (3) ◽  
pp. 333-338
Author(s):  
E. A. Vitenburg ◽  
A. A. Levtsova

Introduction. The quality of production processes depends largely on the management infrastructure, in particular on the effectiveness of the information system (IS). Company management pays increasingly greater attention to the protection of this sphere. Financial, material and other resources are regularly channeled to its support. In the presented paper, some issues on the development of a secure enterprise information system are considered.

Materials and Methods. Protection of the enterprise IS considers some specific aspects of the object and immediate threats to IT security. Within the framework of this study, it is accepted that IS are a complex of data resources. A special analysis results in determining categories of threats to the enterprise information security: hacking; leakage; distortion; loss; blocking; abuse. The connection between these threats, IS components and elements of the protection system is identified. The requirements of normative legal acts of the Russian Federation and international standards regulating this sphere are considered. It is shown how the analysis results make it possible to validate the selection of the elements of the IS protection system.

Research Results. A comparative analysis of the regulatory literature pertinent to this issue highlights the following. Different documents offer a different set of elements (subsystems) of the enterprise IS protection system. To develop an IS protection program, you should be guided by the FSTEC Order No. 239 and 800-82 Revision 2 Guide to ICS Security.

Discussion and Conclusions. The presented research results are the basis for the formation of the software package of intellectual support for decision-making when designing an enterprise information security system. In particular, it is possible to develop flexible systems that allow expanding the composition of the components (subsystems).


2019 ◽  
Vol 8 (4) ◽  
pp. 9030-9034

The article provides a comprehensive analysis of the concepts related to the information security of critically important information systems in Russia. Today, problems exist, which are associated with numerous threats to Russian information security due to the rapidly increasing role of the information sphere. To solve these problems, an effective mechanism is needed to prevent and eliminate these threats. To develop the organizational and legal basis of the mechanism, it is necessary to define a number of concepts, such as information security, critically important information system, information infrastructure, etc. The authors explore Russian legal regulation, as well as international experience and research on this topic. The article shows the main sources of information security threats and defines general principles and approaches to ensuring information security of critically important information systems. The concept and types of critically important information systems are identified and the necessity of developing and improving their legal regulation is substantiated. A number of legal and organizational measures aimed at ensuring the information system security of Russian infrastructure are proposed.


Author(s):  
Оксана Михайловна Голембиовская ◽  
Екатерина Владимировна Кондрашова ◽  
Михаил Юрьевич Рытов ◽  
Кирилл Евгеньевич Шинаков ◽  
Сергей Александрович Ермаков ◽  
...  

To date, the regulatory framework of the Russian Federation does not have precise mechanisms for determining the degree of damage caused by a violation of information security properties. The existing references to the degree of damage (FSTEC Order No. 17, the 2015 draft FSTEC methodology) offer an expert apparatus for determining the exact values of the degree of damage, and, consequently, the results obtained by experts of different fields and levels of knowledge will be different. This article presents an approach to determining the degree of social damage based on the 2015 draft FSTEC methodology for determining information security threats in information systems (IS).


2018 ◽  
Vol 210 ◽  
pp. 04005
Author(s):  
Maciej Kiedrowicz ◽  
Jerzy Stanik

The article outlines the concept of maintaining the required security level of the information system in the organization (SIO) through appropriate control of the security configurations of the security system. The security system (SS) model was proposed and its basic elements characterized to maintain the current security level of the information resources. The desired current security feature of the SIO shall be obtained by generating appropriate security technical and organizational configurations from the set of permissible solutions. The proposed concept is the authors' own proposal; it takes into account the impact of not only basic security elements of the information resources (e.g. types of resources, security attributes, risks, vulnerability), but also changes in the working conditions of the information system and security system as well as the entire security and quality management environment of the organization.


2021 ◽  
Vol 248 ◽  
pp. 02007
Author(s):  
Natalia Mikhailovna Kuznetsova ◽  
Tatyana Vladimirovna Karlova

Maintaining a high level of information security at all stages of production is one of the most important tasks of modern industrial plans. In this case, a special role is played by the complex (integrated) approach, in which information security is realized on the maximum number of automated systems and communication channels. The article is devoted to the mechanism of modelling the realization of external and internal information security threats by means of digital twin application. The presented model is a generalized digital copy of all industrial automated systems.


2019 ◽  
Vol 12 (2) ◽  
pp. 117
Author(s):  
Hend K. Alkahtani

Background: Information system use has substantially increased among the organization based on its effective integration of the resources and improved performance. The increasing reliance on the information system serves as a great security threat for the firms. Objective: The study intends to evaluate the security of the information system in the organization located in the region of Saudi Arabia, concerning the user’s awareness level. Methods: The quantitative design of the study is adopted which uses the survey approach. A close-ended questionnaire is used for evaluating the awareness level among the individuals. A total of 109 participants (males and females) in the Saudi Company were recruited for the study. Results: Despite the implementation of the policy, employees were unaware of it. The study highlights that the development of the firm’s information security policy requires the firm to make employees aware of the significance of the information security. Conclusion: The study concludes that the organization needs to educate the workforce of the information security policy and develop their necessary understanding of the information security system. This allows the employees to identify and report security threats and risks which helps in the improvement of information security awareness.

