Resilience and Protection of Critical Information Infrastructure

Author(s):  
Petr Hruza

The article deals with resilience and protection of critical information infrastructure elements. The elements affect rapid recovery of the system to its original state and the increase of resistance during the subsequent emergency events. The article also deals with sectoral and cross-sectional criteria for determining the critical information infrastructure elements, which are closely related to resilience and protection. Risk assessment has been conducted in the area of critical information infrastructure. Finally, amendments of the Czech Cyber Security Act have been mentioned.

2021, pp. 114-122
Author(s):  
S. GRIBOIEDOV

The main principles of state strategic planning in the sphere of cybersecurity are considered. The directions of improvement of public administration in the field of cyber protection of a critical information infrastructure and state information resources are identified. The shortcomings of the Cyber Security Strategy of Ukraine in 2016 are analyzed and summarized. The draft of Cyber Security Strategy of Ukraine for 2021 – 2025 is considered and directions for its improvement are proposed. The prospects of strategic state planning in the sphere of cybersecurity in the context of the spread of hybrid threats are outlined.


2021, Vol 66, pp. 129-134
Author(s):  
M.V. Baran

The article in the context of methodologies of systematic analysis of legal phenomena reveals the content of the principles of legal regulation of the institute of information security. It is noted that information security is defined as the impossibility of causing harm by means of a security object, due to information and information structure. Principles play an important role in the legal provision of information security. The basic principles of legal regulation of the information sphere are enshrined in the Laws "On Information", "On the Basic Principles of Cyber Security of Ukraine", most of which are key to the development of legal regulation of information security processes. In order to improve the information security system from various challenges and threats, it is proposed to enshrine in information legislation the principle of presumption of security of critical information infrastructure, which establishes that critical information infrastructure is considered protected as long as the organizational and legal security of these facilities requirements set forth in regulations in the field of information security. It is stated that a wide range of problems of information security of the individual, society and state, development of cybersecurity culture, ensuring privacy and protection of access rights, protection of information systems, resources and networks, expanding the use of information technology in public administration, other information problems security needs careful study. The principles of legal regulation in the field of information security are revealed through normative detail. It is emphasized that with the development of scientific and technological progress and the latest forms of processing and use of information, the principles of regulation in the field of information security need to be correlated at the level of regulatory support.


2021, Vol 43 (4), pp. 103-112
Author(s):  
O. Bakalynskyi
D. Pakholchenko

The analysis of the current legislation and the best world practices on cyber protection of automated control systems of technological processes in which requirements for realization of cyber protection of objects of critical information infrastructure are offered is carried out. Problematic issues related to cyber security of critical information infrastructure objects are given.


2021, pp. 121-128
Author(s):  
S. CIAPA

The article considers the legal and organizational aspects of ensuring the protection of the critical information infrastructure from cyberattacks. Attention is drawn to the positive experience of the United States in ensuring the resilience of the objects of critical infrastructure. The provisions of the new Cyber Security Strategy of Ukraine are analyzed, one of the priorities of which is to improve the regulatory framework for cyber security of critical information infrastructure. The shortcomings of the previous Cyber Security Strategy of Ukraine (2016) are noted. Contains a detailed analysis of legislation and initiatives on providing cybersecurity. General requirements for cyber protection of critical infrastructure objects are considered. Based on the analysis of the current legislation on cyber security of Ukraine, ways to improve the legal and organizational support for the protection of the critical information infrastructure from cyber attacks are proposed.


Author(s):  
Ilia Pavlovich Mikhnev
Svetlana Vladimirovna Mikhneva

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.


Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata

In this article, the research of information system protection by analyzing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techniques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the determination of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerability — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vulnerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system.
The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

