Methods of Developing Recommendations for Improving the Security of Information Systems

2021
pp. 18-22
Author(s):
Natalia Golovacheva

With the advent of information technologies, information systems have been widely used in organizations and enterprises. The use of information systems allows optimizing the workforce and automating all or part of business processes. However, the use of information systems requires the development of an information security system to minimize malicious attacks. To reduce the likelihood of malicious attacks, there are a large number of software and hardware-based information security tools. The complexity of computing the distribution of the components of information systems complicates the process of creating and configuring protection systems, and the number of threats to security is increasing every year. For a timely response to information security incidents, including attacks, it is necessary to use information system security assessment tools to reduce the risks of security breaches. InfoWatch statistics show the growth trend of various types of attacks, both from external attackers and from internal ones. Therefore, one of the most important tasks is to correctly determine the security of information systems. The paper implements a mathematical model for assessing the security of an information system based on the selected methods. The architecture of the software package for assessing the security of the information system is formed.

Author(s):  
N. Baisholan
K.E. Kubayev
T.S. Baisholanov

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with the increase in the number of attack methods and techniques and the development of their new tools and vectors, the need to improve information security and ways to ensure it are considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining the numerical value of a vulnerability.



2020
pp. 2-13
Author(s):
Vadim Kuchurov
Roman Maximov
Roman Sherstobitov
...

Regulators require countering information security threats against the structural and functional characteristics of the information system in order to meet information security requirements. These requirements include information system structure and composition, information technologies and functioning characteristics, and the physical and logical, functional and technological interconnections between information system segments. They prescribe emulation of false information system components as a basic protection step, as well as hiding of information technologies, information system configuration management, and switching the system to a predetermined configuration that provides protection. However, these steps are not included in the basic set, and their protection aims are reached with compensating measures: formalizing and implementing inhibitory orders and a set of organizational and technical measures against the threat source. Purpose of the research: to identify and state the main ways of searching for new technical solutions for masking the structure of distributed information systems in cyberspace that implement masking traffic, taking into account the requirements for the timeliness of information exchange. Method of the research: operations research in the face of uncertainty, applying the theory of Markov processes and the Kolmogorov equation to solve the problem of increasing the efficiency of masking exchange. Result of the research: the probabilistic and temporal characteristics of the functioning of the data transmission network when technical solutions for masking information systems in cyberspace are applied. The results obtained make it possible to explicitly implement protection measures aimed at forming persistent false stereotypes among violators about information systems and the control processes implemented with their help.


Author(s):  
Петр Юрьевич Филяк
Максим Константинович Постников
Семен Евгеньевич Федоров
Александр Григорьевич Остапенко
Андрей Петрович Преображенский

With the development of the information society (Knowledgeable society, KS), information systems have become an integral part of any organization, even the smallest, regardless of the business processes they implement. Such information systems are commonly referred to as Corporate Information Systems (CIS). Special requirements in the development of a CIS are placed on ensuring its information security, which can be achieved by developing the CIS in a protected version. Blockchain technologies are very promising not only in traditional spheres such as manufacturing, services and transport, but also for solving security problems, information security in particular. This article is devoted to the analysis of this problem and approaches to its solution.


Author(s):  
Susi Susilowati

PT. Medista Utama is a company engaged in the distribution of medical devices. We have implemented an information system in the inventory section that is used to control the movement of products in the company. The system used must be able to manage, convey and maintain information security properly. So it is necessary to carry out an audit that aims to evaluate the information system governance that is running and ensure that the existing procedures support the existing business processes in the company. The audits were conducted following the standards of the COBIT 4.1 Framework for IT governance. This study will focus on the Delivery Service and Support (DSS) domain to analyze several aspects of IT that are currently running in this company, from the level of system security used to the management carried out by the system. In this domain, the research is focused on the DS5, DS10, and DS11 sub-domains. From the research results it is known that DS5 is at the level of 1.3; DS10 and DS11 are at level 2 (Repetitive but Intuitive). The conclusion is the level of capability obtained from the inventory information system of PT. Medista Utama is still below the expected level. And many improvements are needed to maximize the company's performance to achieve the expected Maturity Level value.


2020
Vol 9 (3)
pp. 33-38
Author(s):
Iroda Abdullaeva
Dilyora Hoshimova
Hamdam Xomidov
Maftuna Raxmonova

This article is devoted to the prospects of the development of banking information systems in the Republic of Uzbekistan and highlights issues such as the processing of significant flows of information in the banking information system using advanced information processing tools.


2014
Vol 5 (1)
pp. 12-19
Author(s):
Yohannes Kurniawan
Janastasha Christie Parapaga

The research goal is to identify and analyze the need for an accounting information system related to the revenue cycle at PT XYZ. This paper designs a useful accounting information system to support the current business processes, especially the revenue cycle process. The design method is Object Oriented Analysis and Design (OOAD), which refers to the modeling and design requirements discipline. The result achieved by the analysis and design is that the accounting information system can support current activities of the revenue cycle, especially the documentation and storage of transaction data, and generate reports in accordance with company requirements. The conclusion derived from the analysis and design is the implementation of a web-based application that can help PT XYZ do its work in different places, such as the marketing office, the head office and especially at the exhibition. Index Terms - Accounting Information System, revenue cycle, OOAD


Author(s):  
Andy Paul Harianja
Iwada Grawilser Talunohi

The field of information technology is developing very rapidly, so many companies, industries, shops and other business entities are using information systems to grow their business. Online sales information systems are used to carry out business processes such as distribution, sales, purchasing, and marketing of goods or services by using communication networks and the internet. Online sales information systems can help people who do not have a place or shop to carry out their business. For students, especially at the Catholic University of Santo Thomas, this is an opportunity to take advantage of this facility in carrying out their business, especially if they do not have a place or shop to carry out their business. For this reason, an online sales information system was built that can be accessed through the website.


Author(s):  
Dmitry Dvoretsky
Natalia Kolesnikova
Oksana Makarkina
Kira Lagvilava

The mass introduction of information technologies in the activities of state structures has made it possible to transfer the efficiency of their functioning to a qualitatively new level. Unfortunately, as a means of action, they have characteristic vulnerabilities and can be used not only for good, but also for harm. For the state, as a guarantor of the stability of a civilized society, the issue of ensuring the security of information processing is particularly important. Despite the automation of many information processes, the most vulnerable link in the work of information systems remains a person. A person acts as an operator of information systems and a consumer of information. The entire service process depends on the competence of the operator and the quality of his perception. There are areas of government activity where the cost of error is particularly high. These include ensuring the life and health of citizens, protecting public order and the state system, and ensuring territorial integrity. The specifics of the spheres must be taken into account when ensuring the security of information. This study concerns official activities that are provided by paramilitary groups. Currently, there is a discrepancy in the level of competence of new personnel in the first months of service. The author traces the shortcomings of general and special professional qualities in the field of information security. The purpose of the study is to substantiate certain pedagogical means of forming cadets' readiness to ensure information security. As forms of theoretical knowledge, we will use the traditional hypothesis and model, as well as functionally distinguishable judgments – problem, assumption, idea and principle. Empirical forms of knowledge will be observation (experimental method) and fixation of facts. To evaluate the effectiveness of the developed pedagogical tools, we use statistical methods: observation (documented and interrogated) and calculation of generalizing indicators. To formulate conclusions, we will use logical methods: building conclusions and argumentation. The approbation of certain pedagogical tools described in this article showed a significant positive trend in terms of competence in information security issues.


2022
Vol 1 (13)
pp. 80-92
Author(s):
Nguyễn Mạnh Thiên
Phạm Đăng Khoa
Nguyễn Đức Vượng
Nguyễn Việt Hùng

Abstract—Currently, security assessment of information systems is one of the most important problems in information security. Vulnerability assessment/exploitation should be performed regularly and at different levels of complexity for each information system. However, this task faces many difficulties in large-scale deployment due to the lack of experienced testing experts at those levels. In this paper, we propose a framework that can automatically gather information and automatically select a suitable module to exploit the target, based on reinforcement learning. The framework also integrates many scanning and exploitation tools that help pentesters do their work, and it can be quickly updated with new vulnerability exploitation techniques. It supports staff who are responsible for information systems but are not security experts in automatically assessing their own systems, in order to reduce the risk from cyber attacks.

