Computational experiment for the purpose of determining the probabilistic and temporal characteristics of information security systems against unauthorized access in automated information systems

Article explores application methods for systems structural analysis to use in study of security in information systems, which is based on variants of general attack scenarios, features of cybersecurity culture, q-analysis, which is part of MCQA . General security system analysis usually is based on different factors, which include technical means, human-related mistakes in different ways and respond to security incidents. Q-analysis presents the basic principles of constructing model of information security systems elements connectivity on the example of two sets: set of threats and sets of security measures for information security and calculated numerical values. Elements of the two sets of are interconnected and form the basis of a system for ensuring their security. These calculations can be used to further determine overall formal assessment of security of the organization.

Download Full-text

MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

NEWS OF THE NATIONAL ACADEMY OF SCIENCES OF THE REPUBLIC OF KAZAKHSTAN ◽

10.32014/2021.2518-1726.2 ◽

2021 ◽

Vol 335 (1) ◽

pp. 14-18

Author(s):

N. Baisholan ◽

K.E. Kubayev ◽

T.S. Baisholanov

Keyword(s):

Information System ◽

Risk Management ◽

Information Systems ◽

Information Security ◽

Information Technologies ◽

Business Processes ◽

Security Audit ◽

Security Systems ◽

Security Models ◽

Methods And Techniques

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.

Download Full-text

Mobile Public Key Infrastructures

Encyclopedia of Mobile Computing and Commerce ◽

10.4018/978-1-59904-002-8.ch097 ◽

2007 ◽

pp. 581-588

Author(s):

I. Chochliouros ◽

G. Lalopoulos ◽

S. Chochliouros ◽

A. Spiliopoulou

Keyword(s):

Information Systems ◽

Information Security ◽

European Commission ◽

Public Key ◽

Security Measures ◽

Data Confidentiality ◽

Malicious Software ◽

Unauthorized Access

From today’s perspective, network and information security (European Commission, 2001) is about ensuring the availability of services and data; preventing the disruption and unauthorized interception of communications; confirming that data sent, received, or stored is complete and unchanged; securing data confidentiality; protecting information systems against unauthorized access; and protecting against attacks (involving malicious software and securing dependable authentication—that is, the confirming of an asserted identity of entities or users). Specific security measures therefore should be taken in order to establish an appropriate environment.

Download Full-text

Information security in organisations

Zeszyty Naukowe Akademii Sztuki Wojennej ◽

10.5604/01.3001.0010.3530 ◽

2017 ◽

Vol 105 (4) ◽

pp. 167-187

Author(s):

Joanna Werner ◽

Edyta Szczepaniuk

Keyword(s):

Information Systems ◽

Information Security ◽

Private Sector ◽

Empirical Research ◽

Legal Basis ◽

Monitoring Methods ◽

Security Systems ◽

Public And Private ◽

Security Models ◽

Public And Private Sector

The paper presents recommended methods of information security systems designs. The analysis comprises the essence and elements of information security, but also the relations between them. The systemic approach to the studied area required providing characteristics of legal basis and information security models – ISO/IEC and TISM. Also characterised were the implementation, exploitation, and monitoring methods of information systems. The paper concludes with a presentation of results of empirical research conducted in public and private sector entities, as well as conclusions and recommendations.

Download Full-text

Methods of Estimating Reliability of Information Security Systems which Protect from Unauthorized Access in Automated Systems

SPIIRAS Proceedings ◽

10.15622/sp.2019.18.6.1301-1332 ◽

2019 ◽

Vol 18 (6) ◽

pp. 1301-1332 ◽

Cited By ~ 1

Author(s):

Oksana Bokova ◽

Irina Drovnikova ◽

Andrei Etepnev ◽

Evgeniy Rogozin ◽

Victor Khvostov

Keyword(s):

Information Security ◽

Structural Complexity ◽

Systems Design ◽

Software Systems ◽

Automated Systems ◽

Security Systems ◽

Unauthorized Access ◽

Reliability Indicators ◽

Actual Design ◽

Guidance Documents

Modern methods of protecting information from unauthorized access in automated systems are based on the use of specialized information security systems from unauthorized access. Security systems are necessarily included in the form of additional software systems in the software as in a secure execution. Information security systems from unauthorized access can be developed not only in a process of automated systems design, but also complement the system-wide software of functioning systems. The use of the information security systems from unauthorized access can reduce a overall reliability of the automated systems, if they contain errors that are not detected during debugging. The reliability of the information security systems affects effectiveness of information security (confidentiality, integrity and availability). Guidelines of the Federal Service for Technical and Export Control (FSTEC) of Russia are a methodological basis for the formation of the information security systems’ image both in the process of development and in the process of modernization of the automated systems. The guidance documents of FSTEC of Russia do not contain methodological approaches to assessing the reliability of these program systems. In this regard, the actual design of techniques of estimating reliability of the information security systems from unauthorized access in automated systems in a secure execution. The structural complexity of the information security systems from unauthorized access and large number of functions performed necessitates the use of three reliability indicators that characterize the system in solving problems of confidentiality, integrity and availability of information. To develop the technique, the known methods of evaluating the reliability of complex systems are used, which do not allow their decomposition into serial and parallel connection. The developed methods were tested in assessing the reliability of the information security systems from unauthorized access with typical indicators of initial characteristics. The results of calculations and prospects of using the developed methods are presented in the paper.

Download Full-text

RISK MINIMIZATION MODEL FOR INFORMATION SECURITY SYSTEMS WITH COST CONSTRAINTS

Новые импульсы развития: вопросы научных исследований. Сборник статей XII Международной научно-практической конференции: сборник статей, [электронное издание сетевого распространения] / Под ред. Н.В. Емельянова. – М.: “КДУ”, “Добросвет”, 2021. – 199 с. ◽

10.31453/kdu.ru.978-5-7913-1175-7-2021-81-87 ◽

2021 ◽

Author(s):

Olga Nikolaevna Yarkova ◽

◽

Anastasiya Sergeevna Yarkova ◽

Keyword(s):

Information Security ◽

Optimal Distribution ◽

Risk Minimization ◽

Security Systems ◽

Protective Properties ◽

Unauthorized Access ◽

Cost Constraints ◽

Level Information ◽

Multi Level ◽

Access To Data

The paper presents a model of nonlinear programming that allows us to determine the optimal distribution of costs for improving the protective properties of a multi-level information security system that minimizes the risk of unauthorized access to data for a system described by the Markov model. A study of the protective properties depending on the allocated investments of the system was carried out.

Download Full-text

MODEL OF THE PROCESS OF PROTECTING INFORMATION FROM COMPUTER INTELLIGENCE IN INFORMATION SYSTEMS OF ORGANIZATIONS

Высокие технологии и инновации в науке: сборник избранных статей Международной научной конференции (Санкт-Петербург, Июль 2020) ◽

10.37539/vt186.2020.79.61.004 ◽

2020 ◽

Author(s):

Вадим Георгиевич Ерышов ◽

Никита Вадимович Ерышов

Keyword(s):

Information Systems ◽

Information Security ◽

Simulation Model ◽

Automated Systems ◽

Security Systems ◽

Source Data

В статье приведено описание имитационной модели, позволяющей оценивать процесс защиты информации от компьютерной разведки в автоматизированных системах организаций в зависимости от варьируемых исходных данных, а также разрабатывать требования для перспективных систем защиты информации. The article describes a simulation model that allows us to evaluate the process of protecting information from computer intelligence in automated systems of organizations, depending on the varying source data, as well as to develop requirements for advanced information security systems.

Download Full-text

MODEL OF THE PROCESS OF FUNCTIONING OF THE INFORMATION PROTECTION SYSTEM FROM UNAUTHORIZED ACCESS CREATED IN THE SOFTWARE ENVIRONMENT OF IMITATION MODELING "CPN TOOLS"

Herald of Dagestan State Technical University Technical Sciences ◽

10.21822/2073-6185-2019-46-1-90-102 ◽

2019 ◽

Vol 46 (1) ◽

pp. 90-102

Author(s):

O. I. Bokova ◽

I. G. Drovnikov ◽

A. D. Popov ◽

E. A. Rogozin

Keyword(s):

Simulation Model ◽

Computational Experiment ◽

Protection System ◽

Automated System ◽

Information Protection ◽

Software Environment ◽

Unauthorized Access ◽

Temporal Characteristics ◽

Cpn Tools ◽

Technical Specifications

Objectives. At present, conducting a computational experiment on a system for protecting information from unauthorized access operated in an automated system is a time consuming process. The greatest difficulty in this area of research is the determination of probabilistic-temporal characteristics and the formation of reports during the operation of the information protection system. In order to analyze, obtain and study the probabilistic-time characteristics of this system, it is necessary to develop a mathematical model of its operation using an imitational modeling tool.Method. One of the methods for solving this problem is a computational experiment, which is based on the construction of a simulation model. The CPN Tools environment was chosen as a software simulation product, the main advantages of which are: a high level of visualization, the ability to generate various reports on the system operation, fast modifiability of models for solving a different class of problems, as well as integration with other software means for the formation of graphical dependencies.Result. A simulation model of the system for protecting information from unauthorized access in the “CPN Tools” software environment was developed. protected performance.Conclusion. The presented im-model model of protecting information from unauthorized access in the software environment “CPN Tools” can be used as a tool in assessing the security of special bodies for the attestation of informatization objects and structural divisions of authorized departments. It can also be used in the design of such systems in order to prevent logical errors, determine their temporal characteristics and compare with the existing ones in accordance with the technical specifications for the system being developed to protect information from unauthorized access.

Download Full-text

Practical Training of Students on the Extraction and Analysis of Big Data

KnE Social Sciences ◽

10.18502/kss.v3i2.1565 ◽

2018 ◽

Vol 3 (2) ◽

pp. 361 ◽

Cited By ~ 1

Author(s):

Prokhorov I.V. ◽

Kochetkov O.T. ◽

Filatov A.A.

Keyword(s):

Big Data ◽

Information Systems ◽

Information Security ◽

Application Programming Interface ◽

The Internet ◽

Practical Training ◽

Security Systems ◽

Application Programming ◽

Data Scientist ◽

Programming Interface

The article deals with questions of studies, development and practical use in teaching complex laboratory work on extracting and analyzing big data to train specialists in the specialty 10.05.04 "Information and Analytical Security Systems", direction of training "Information sSecurity of Financial and Economic Structures" in the framework of the educational discipline "Distributed Automated Information Systems". Keywords: big data, data scientist, extraction, processing and analysis of big data, information security of financial and economic structures, the Internet, Yandex, Google, application programming interface –API.

Download Full-text