scholarly journals BASIC ASPECTS OF CONFIDENTIAL INFORMATION SECURITY IN CRITICAL INFORMATION INFRASTRUCTURE OBJECTS

2020 ◽  
Vol 1 (9) ◽  
pp. 170-181
Author(s):  
Sergiy Gnatyuk ◽  
Viktoriia Sydorenko ◽  
Yuliia Sotnichenko
Keyword(s):  
Information Security ◽  
Information And Communication Technologies ◽  
Critical Infrastructure ◽  
Rapid Development ◽  
Information Infrastructure ◽  
Telecommunication Networks ◽  
Security Requirements ◽  
Confidential Information ◽  
Critical Information ◽  
Types Of Information

The rapid development of information and communication technologies has increased the vulnerabilities of various networks, systems and objects as well as made it much more difficult to ensure their reliable protection and security. All these factors have led to the fact that the world's leading countries have begun to pay considerable attention to cybersecurity and critical information infrastructure protection. However, the protection of various types of information with restricted access (in particular, confidential information) at critical infrastructure objects remains unexplored. With this in mind, the paper analyzes the existing approaches of the world's leading countries to the confidential information protection at critical infrastructure. The analysis revealed that today there are no comprehensive, multifunctional methods of protecting confidential information at critical information infrastructure. In addition, the classification of critical information infrastructure objects according to information security requirements is developed. This classification by determining the type of processing information, possible access modes and criticality category, allows to ensure unity of approaches to protection of these objects belonging to different types, including information systems, automated control systems and information-telecommunication networks.

scholarly journals ON THE FORMATION OF LEGAL AND SCIENTIFIC BASES OF ENSURING THE SAFETY OF CRITICAL INFORMATION INFRASTRUCTURE OF THE RUSSIAN FEDERATION

2019 ◽  
Vol 29 (5) ◽  
pp. 644-654
Author(s):  
N.M. Kurbatov
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Critical Infrastructure ◽  
Information Infrastructure ◽  
Significant Information ◽  
Critical Information ◽  
Foreign Countries ◽  
History Of ◽  
The Russian Federation ◽  
Definition Of

The concept of critical information infrastructure is analyzed. The history of its formation and consolidation in the legal space of Russian legislation is considered. The article studies the experience of foreign countries in the field of ensuring information security in general and protecting critical infrastructure in particular. The relevance of the chosen topic is due to the course taken by the Russian Federation for the development of the information society in the country, as well as the need to protect significant information systems and resources of state authorities. The author of the article reveals the terms included in the definition of critical information infrastructure, enshrined in the legislation of the Russian Federation. In conclusion, the main problems of the considered regulatory legal acts are highlighted, recommendations are given on the further development of the information security system of critical infrastructure.

Ensuring the security of critical information infrastructure: the powers of the federal government bodies of the Russian Federation

2019 ◽  
Author(s):  
Ilia Pavlovich Mikhnev ◽  
Svetlana Vladimirovna Mikhneva
Keyword(s):  
Information Security ◽  
Federal Government ◽  
Russian Federation ◽  
Legal Status ◽  
Information Infrastructure ◽  
Critical Information ◽  
Security Service ◽  
Presidential Decree ◽  
Computer Attacks ◽  
The Russian Federation

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.

scholarly journals Information Interference as a Phenomenon of the Contemporary International Policy Subjects Activity

2020 ◽  
pp. 148-160
Author(s):  
Sergey Volodenkov
Keyword(s):  
Information Security ◽  
Information And Communication Technologies ◽  
Rapid Development ◽  
Political Stability ◽  
Collective Responsibility ◽  
External Information ◽  
The Internet ◽  
Information Warfare ◽  
Interference Phenomenon ◽  
Political Processes

Introduction. The author aims to analyze the phenomenon of information interference with national political processes in the conditions of the contemporary information society and the evolution of the Internet as a space of political communications. The article shows that the digital information intervention is relevant and at the same time, a complex multidimensional phenomenon of contemporary politics. In many respects, the potential of the digital interference phenomenon is closely related to the essential features of functioning and the transformation of the contemporary Internet, which has been actively used when changing political regimes in many countries. The problem of information security and sovereignty of the present state on the Internet is becoming one of the most urgent in the conditions of the rapid development of information and communication technologies. Methods and materials. The issues identified in the article are investigated using the methods of comparative, structural-functional and normative analysis, included observation, as well as the case-study method. The method of scientific forecasting and scripting techniques has allowed to form a scenario for the effective settlement of international conflicts in the field of information security. The empirical base of the study is reports of foreign experts, official materials of state authorities of the Russian Federation and foreign countries, reports of Freedom House international organization, official speeches and statements by the heads of state on the issues outlined in the work. Analysis. Countering external information expansion is becoming one of the most critical tasks of effective political governance at the state level to preserve the sovereignty of the national political communication space, including domestic segments of the Internet. The initiatives of states to form the sovereign national segments of the Internet space are, on the one hand, an attempt to protect their political systems from external influence and invasion, to ensure their own political stability, and on the other hand, they create risks for the democratic potential of the Internet. The article substantiates the thesis that the phenomenon of interference in elections in actual practice often becomes not so much an objective process as an instrument of information warfare, mass political propaganda and discrediting political opponents, a manipulative tool that can be actively used not only by authoritarian regimes with a low level of democratic development. Results. The study shows that differences in understanding and defining the essence of the Internet by various countries give rise to a significant potential for political conflicts on a global scale. This circumstance leads the author to the conclusion that it is necessary to form international institutions capable of preventing and regulating information conflicts in the Internet space, as well as reducing global political risks (including risks associated with potential interference in the electoral process of sovereign states). The implementation of this scenario will allow forming a collective responsibility in the functioning of the global Internet.

scholarly journals Conceptual principles for ensuring effective protection of information in the context of economic security of the enterprise

2020 ◽  
pp. 84-92
Author(s):  
A.V. Pecheniuk
Keyword(s):  
Information Security ◽  
Information And Communication Technologies ◽  
Security Policy ◽  
Criminal Responsibility ◽  
Economic Security ◽  
Information Policy ◽  
Security System ◽  
Theory And Practice ◽  
Confidential Information ◽  
Information Security Policy

The necessity of formation of an effective information security system of the enterprise is substantiated. It is emphasized that when designing an information policy, the firm must comply with the requirements of the current legislation, take into account the level of technical support, especially the regulation of employees' access to confidential information, etc. It is stated that the costs of organizing information security measures should be appropriate to its value. The article identifies major threats that could be breached by confidential information. The list of the main normative legal acts aimed at bringing to civil, administrative and criminal responsibility for illegal collection, disclosure and use of information constituting a trade secret. The main stages of building an information security policy are summarized, the most common types of information threats related to the use of modern computer technologies are described. The necessity of developing a domestic original accounting (management) program that could be used in the long term by the vast majority of Ukrainian enterprises is pointed out. There are three groups of tools that are applied in the theory and practice of information security of the enterprise (active, passive and combined), emphasizing the need for planning and continuous monitoring in real time of all important processes and conditions that affect data security. It is noted that even if the information security system is built taking into account all modern methods and means of protection, it does not guarantee one hundred percent protection of the information resources of the enterprise, but a well-designed information security policy allows to minimize the corresponding risks. Key words: information security, information policy, information security, confidential information, information threats, information and communication technologies, software.

Attackers

2012 ◽  
pp. 41-58
Author(s):  
Eduardo Gelbstein
Keyword(s):  
Information Security ◽  
Information Infrastructure ◽  
Critical Information ◽  
Weakest Link ◽  
Terrorist Organization ◽  
Security Expert

Of the three groups of components of information security – tools, processes, and people- the last one should be considered as the weakest link. People range from the tired or unaware employee that clicks on a link that infects a computer or a network, to the security expert working for a criminal, military, or terrorist organization attacking a critical information infrastructure. This chapter examines the various classes of potential attackers and the techniques currently used to perpetrate such attacks.

Governing Critical ICT: Elements that Require Attention

2015 ◽  
Vol 6 (2) ◽  
pp. 263-270 ◽  
Author(s):  
Eric Luiijf ◽  
Marieke Klaver
Keyword(s):  
Information And Communication Technologies ◽  
Critical Infrastructure ◽  
Service Providers ◽  
Communication Technologies ◽  
Internet Service Providers ◽  
Internet Service ◽  
Policy Makers ◽  
Telecommunication Services ◽  
Critical Information ◽  
Information And Communication

With respect to critical information and communication technologies (ICT), nations most often declare their national critical infrastructure to include telecommunication services and in some cases critical services offered by key Internet Service Providers (ISP). This paper debates whether nations, their policy-makers, legislation and regulation largely overlook and fail to properly govern the full set of ICT elements and services critical to the functioning of their nation. The related societal and economical risk, however, needs to be closely mitigated, managed and governed. Legal and regulatory obligations to increase the ICT resilience may sometimes encourage this process.

scholarly journals Network-Centric Monitoring for Cyber Incidents in Sectors of Critical State Infrastructure

2018 ◽  
pp. 80-89
Author(s):  
Sergiy O. Gnatyuk ◽  
Vitaliy V. Kishchenko ◽  
Vitaliy V. Kotelianets ◽  
Madina Bauyrzhan
Keyword(s):  
Information And Communication Technologies ◽  
Communication Systems ◽  
Business Processes ◽  
Human Life ◽  
Information Infrastructure ◽  
The State ◽  
Risk Level ◽  
Incident Management ◽  
Critical Information ◽  
Information And Communication

Information and communication technologies implementation in most areas of human life is aimed at improving the efficiency of business processes, but the emergence of new vulnerabilities and cyberthreats generates cybersecurity incidents. To localize and neutralize incidents effective management techniques are necessary. These processes are very actual for critical information infrastructure of the state, because destructive influences on objects of critical information infrastructure can cause big losses for the state (human life, material and status losses). Known methods for incidents management are not oriented on some special components and parameters of the cyberspace. It complicates implementation of these methods in real information and communication systems. From this viewpoint, in this paper the concept of network-centric incident management was developed. It allows to identify the most important (real) objects of critical information infrastructure protection and cybersecurity incidents to predict the categories that arise as a result of specific cyberattacks and their risk level. Further research study consists in instrumental tools based on mentioned concept. These tools can be useful for incidents prediction (character and level of losses) in information and communication systems of state critical infrastructure objects.

scholarly journals Information Security Of Estonia: Experience For Ukraine

2019 ◽  
pp. 26-38
Author(s):  
L.V. Zinych
Keyword(s):  
Information Security ◽  
Critical Infrastructure ◽  
Personal Data ◽  
Information Infrastructure ◽  
Administrative Services ◽  
Personal Data Protection ◽  
The Creation ◽  
The Republic ◽  
The Individual ◽  
Concept Of Information

The article deals with features of information security in the Republic of Estonia. It is noted that the main factors that have helped to increase the level of information security in Estonia are the developed information infrastructure, effective cybersecurity policy and reliable protection of personal data. Cybersecurity depends on a combination of cybercrime, provision of critical infrastructure and e-services, and national defense. In the area of personal data protection, it is reasonable to create a private data market where companies and researchers propose to submit a date of use and license / lease / sale related to offers or license, lease, sell or withdraw their data from use. Analyzing the experience of the Republic of Estonia in information security, there are several factors that have become the basis for the creation of a secure information environment. First, only a comprehensive information policy enables the security of enterprises, institutions, organizations and the state as a whole. Secondly, Estonia has made every effort to ensure cybersecurity (as a component of information security) and has created favorable conditions for the arrival of foreign IT companies with significant capital and innovation. Third, in the context of information security, considerable attention in Estonia is given to the protection and use of personal data, which is carried out as transparently as possible, using digital signatures and encrypted messages. Practical recommendations for Ukraine’s acquisition of Estonia’s information security experience are provided. We believe that raising the level of information security will help a number of the following activities: 1) Create a working group with the involvement of international experts to develop the concept of information security and regulatory support for its activities 2) Ensure the creation of a single national electronic information resource in the concept of information security. 3) Enter a unique national ID for the individual. 4) Create a single secure web portal for electronic services with the possibility of creating electronic offices of individuals for receiving administrative services. Keywords: information security, cybersecurity, information infrastructure, personal data.

scholarly journals Selection Method of Test Cyber Attacks that Ensure the Rational Completeness of the Penetration Testing of a Critical Information Infrastructure Object

2021 ◽  
pp. 12-25
Author(s):  
Sergey Makarenko ◽  
◽  
Gleb Smirnov ◽  
Keyword(s):  
Critical Infrastructure ◽  
Selection Process ◽  
Information Infrastructure ◽  
Selection Method ◽  
Cyber Attacks ◽  
Cyber Attack ◽  
Security Audit ◽  
Penetration Testing ◽  
Critical Information ◽  
Efficiency Cost

Relevance. Security issues of information systems in critical infrastructure objects become important now. However, current tasks of information security audit of critical infrastructure objects are mainly limited to checking them for compliance with requirements of standards and documents. With this approach to the audit, security of these objects from real attacks by hackers remains unclear. Therefore, objects are subjected to a testing procedure, namely, penetration testing, in order to objectively verify their security. An analysis of publications in this area shows that there is not mathematical approaches to selection of test cyber attacks for penetration testing set. The goals of the paper is to form the selection method of test cyber attacks that ensure the rational completeness of the security audit of a critical information infrastructure object. Research methods. Methods of probability theory and mathematical statistics, methods of graph theory and set theory are used in the paper to achieve the research goals. Results. The Select Method of test cyber attacks for security audit of a critical information infrastructure object with rational completeness is presented in the paper. This method formalizes the selection process in the form of a two-stage procedure. At the first stage, based on the topological model of the object testing, a set of testing paths is formed, and these paths are ordered by the degree of weight increase. The path weight is the efficiency/cost indicator that takes in account the test resource for realized of a test cyber attack, the vulnerability of an object element, and the level of damage caused to the element by this test cyber attack. At the second stage of the method, from an ordered set of test paths are selected of such, which would ensure the maximization of the whole absolute cost of the detected damage, within the limits on the resource making of test cyber attacks. It is using of this method in audit practice will allow us to justify the most effective test cyber attacks according to the “efficiency/cost” criterion, as well as to form test sets that will ensure the rational completeness of the audit of the critical infrastructure object.

Sign in / Sign up

Export Citation Format

Share Document