scholarly journals IMPROVED MODEL OF ESTIMATING ECONOMIC EXPENDITURES ON THE INFORMATION PROTECTION SYSTEM IN SOCIAL NETWORKS

2021 ◽  
Vol 12 (4) ◽  
pp. 19-28
Author(s):  
Oleksandr Laptiev ◽  
Valentyn Sobchuk ◽  
Andrii Sobchuk ◽  
Serhii Laptiev ◽  
Tatiana Laptieva
Keyword(s):  
Social Networks ◽  
Information Security ◽  
Value Of Information ◽  
The State ◽  
Information Resources ◽  
Security System ◽  
Theory And Practice ◽  
Information Protection ◽  
Economic Costs ◽  
Proposed Model

In modern conditions, an important role in ensuring the information security of the enterprise and especially its economic component belongs to the processes of information security of the state as a whole. The key role in building security systems of information resources as components of national information resources of the state is played by theory and practice, in which the scientific and methodological basis is the basis for making sound and effective management decisions of the information security of the state at all levels. The article analyzes the approaches to estimating the assessment of economic costs for the information security system. The base model is selected. Using the basic model of assessing the level of protection of information in the social network from external influences on the information social resource, improvements were made to assess the economic feasibility of implementing a mechanism of technical means of information protection in social networks depending on the value of information. The improvement is based on the assumption that the amount of funds allocated by the attacking party is equal to the value of the information, the value of the information is the same for both parties, and the opposing parties are on equal terms. The main parameters on which the efficiency of the proposed model of estimating economic costs depends. The efficiency of the proposed model of estimating economic costs depends on the accuracy of formulating the probability of success of protection and determining the value of information. The prospect of further research and development may be aimed at taking into account in the model additional factors that affect the estimation of costs for the information security system, which will allow calculations to be performed with greater accuracy.

scholarly journals Improving the stochastic model to identify threats of damage or unauthorized leakage

2020 ◽  
Author(s):  
O. R. Stefurak ◽  
◽  
Yu. O. Tykhonov ◽  
O. A. Laptyev ◽  
S. A. Zozulya
Keyword(s):  
Information Security ◽  
Stochastic Model ◽  
Analytical Data ◽  
The State ◽  
Information Resources ◽  
Theory And Practice ◽  
Security Measures ◽  
Information Activity ◽  
Critical Components ◽  
National Information

The key role in building security systems of information resources as components of national information resources of the state is played by theory and practice, in which the scientific and methodological base is the basis for making sound and effective management decisions by information security of the state at all levels. The article identifies critical components of information space security based on an analytical analysis of threats of damage or unauthorized leakage of information at the objects of information activity. Based on the obtained analytical data, the stochastic model of threats of damage or unauthorized leakage of information at the objects of information activity has been improved. Based on the results of the proposed model, modeling was performed in order to confirm the analytical data and identified priorities for information security. The most critical areas and threats to information security are identified. The obtained results allow to plan the information security system taking into account the most probable threats. Plan and implement priority information security measures. Focus on protecting more likely areas of threat.

ALGORITHM FOR DETERMINING THE DEGREE VALUES OF CONFIDENTIAL DOCUMENTS OF THE ORGANIZATION

2017 ◽  
pp. 80-88
Author(s):  
Sergey Valerevich Belov ◽  
Irina Mikhalovna Kosmacheva ◽  
Irina Vyacheslavovna Sibikina
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Value Of Information ◽  
Weighting Factor ◽  
State Regulation ◽  
The State ◽  
Information Security Management ◽  
Pair Comparison ◽  
The Russian Federation ◽  
Properties Of Information

To solve the problem of information security management the method was proposed that allows determining the degree of importance of confidential documents of the organization. The urgency of the proposed algorithm was substantiated taking into account the requirements of the legislation of the Russian Federation in the sphere of information security. The stages prior to the formation of the list of confidential documents of the organization were described. A review of the main documents of the legal and regulatory framework was carried out including documents relating to the state regulation of relations in the sphere of information security. The classes of protected information for the accessing categories were considered. The criteria changes of the value of information in the process of time were represented. The algorithm of formation of the list of confidential documents of the organization based on the properties of information was offered. The algorithm is based on an expert method of pair comparison of alternatives. The result of the use of this method is a number of confidential documents, ranked in descending order of importance. For each document the weighting factor of importance can be calculated. The verification stage of the degree of expert consistency was included in the methodology to eliminate the use of erroneous expert data. The application of the methodology is illustrated by a calculated example.

IRISK METHOD FOR SECURITY ESTIMATION OF THE SIMULATION POLYGON FOR THE PROTECTION OF CRITICAL INFORMATION RESOURCES

2019 ◽  
Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata
Keyword(s):  
Risk Assessment ◽  
Information System ◽  
Information Security ◽  
Risk Analysis ◽  
Information Resources ◽  
Security System ◽  
Assessment System ◽  
Automated System ◽  
Information Risk ◽  
Critical Information

In this article, the research of information system protection by ana­ ly­ zing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techni­ ques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the deter­ mi­ nation of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simula­ tion ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerabili­ ty  — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vul­ nerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system. The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

scholarly journals МІЖНАРОДНИЙ ДОСВІД ІНФОРМАЦІЙНОЇ БЕЗПЕКИ

2019 ◽  
pp. 95-109
Author(s):  
К. В. К. В. Захаренко
Keyword(s):  
Civil Society ◽  
Information Security ◽  
National Security ◽  
The State ◽  
Information Space ◽  
Modern World ◽  
Information Protection ◽  
Important Indicator ◽  
External Threats ◽  
National Information

In our state there are a number of complex problems in the field of information security that require urgent and radical solution. That’s why theoretical, methodological and political research of the problem of information security in Ukraine, which is experiencing a crisis phase of its development, is becoming especially relevant today. In order to develop an effective system of national information security, a detailed study of the experience of the leading countries of the world, which carry out effective information protection of their states and citizens, is necessary. Today there are national information security systems that have really proven their effectiveness and structural and functional perfection. Indeed, the successful development of a democratic state and civil society is possible only if the information resources are properly used and the state policy is implemented, which would ensure a high level of national information security. In the modern world, the basic principles and tools for the formation of effective information protection of the national security space have been developed already. At the same time, Ukraine needs to apply adequately the foreign experience of the most successful countries in this regard, correctly transforming it taking into account national specificity and the unique role of Ukraine in modern geopolitics. As an important indicator of the protection of citizens, society and state, information security is an integral part of national security. Therefore, its determination mainly focuses on preventing harmful effects that may result in various information threats, as well as eliminating and overcoming those effects with the least possible harm to society and humans. In this aspect, the study of not only the philosophical and phenomenological and socio-psychological determinants of information security of citizens, but also political and legal resources and mechanisms of protection of the information space of the state in the conditions of the functioning of the global information society acquires a special significance. А content analysis of the notion «information security» as a form of national security aimed at ensuring human rights and freedoms in relation to free information access, creation and implementation of secure information technologies and protection of the property rights of all participants of information activities, includes consideration of possible diversions in this area, especially at the international level. Today there is a situation of incompleteness of formation and fragmentary filling of the information space content of the country and the legislative base in our society. The efficiency of the information weapon itself has increased too quickly due to the rapid information circulation and the spread of information networks. As a result, mass media forms the «mass» person of our time, in turn this fact displaces traditional direct contacts, by dissociating people and replacing them by computers and television. At the same time it gives rise to apathy, uncritical attitude and indifference, it complicates the adequate orientation, causing the social disorientation. Informative safety has the human measuring. Therefore an important role in opposition to destructive external and internal informative influences is played by education of citizens. Her proper level called to provide the state and civil society. An in fact uneducated population easily is under destructive influence of informative threats of the modern global world. Unfortunately, Ukraine, does not have sufficient resources and technologies for adequate opposition to the external threats. Taking into account it strategy of forming of the national system of informative safety of our state can be only the maximal leveling of destructive influences from the side of external informative threats. To the end it is necessary to carry out democratic reforms Ukraine, generate civil society, to provide functioning of the legal state and increase of political and civil culture of population. At the same time it is necessary to bear reformers in a mind, that global nature of informative society predetermines rapid transformation of external threats in internal, converting them into permanent calls which are opened out within the limits of national in a civilized manner-informative and socio-political space. Besides modern global informative systems, mass medias, network facilities do a limit between external and internal threats almost unnoticeable.

scholarly journals Conceptual principles for ensuring effective protection of information in the context of economic security of the enterprise

2020 ◽  
pp. 84-92
Author(s):  
A.V. Pecheniuk
Keyword(s):  
Information Security ◽  
Information And Communication Technologies ◽  
Security Policy ◽  
Criminal Responsibility ◽  
Economic Security ◽  
Information Policy ◽  
Security System ◽  
Theory And Practice ◽  
Confidential Information ◽  
Information Security Policy

The necessity of formation of an effective information security system of the enterprise is substantiated. It is emphasized that when designing an information policy, the firm must comply with the requirements of the current legislation, take into account the level of technical support, especially the regulation of employees' access to confidential information, etc. It is stated that the costs of organizing information security measures should be appropriate to its value. The article identifies major threats that could be breached by confidential information. The list of the main normative legal acts aimed at bringing to civil, administrative and criminal responsibility for illegal collection, disclosure and use of information constituting a trade secret. The main stages of building an information security policy are summarized, the most common types of information threats related to the use of modern computer technologies are described. The necessity of developing a domestic original accounting (management) program that could be used in the long term by the vast majority of Ukrainian enterprises is pointed out. There are three groups of tools that are applied in the theory and practice of information security of the enterprise (active, passive and combined), emphasizing the need for planning and continuous monitoring in real time of all important processes and conditions that affect data security. It is noted that even if the information security system is built taking into account all modern methods and means of protection, it does not guarantee one hundred percent protection of the information resources of the enterprise, but a well-designed information security policy allows to minimize the corresponding risks. Key words: information security, information policy, information security, confidential information, information threats, information and communication technologies, software.

scholarly journals The effectiveness of the Centralized Use of Digital Technologies, Information Resources and Information Protection Tools in Government by the Example of the Republic of Tyva

2020 ◽  
Vol 23 (6) ◽  
pp. 99-114
Author(s):  
B. S. Dongak ◽  
A. S. Shatohin ◽  
R. V. Meshcheryakov
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Management System ◽  
Economic Effect ◽  
Security Management ◽  
Information Resources ◽  
Information Protection ◽  
Information Security Management ◽  
Information Security Management System ◽  
Software And Hardware

Purpose of research. The purpose of this study is to assess the possibility of applying the methodology for centralized management of systems and information risks using the example of informatization of public departments of Republic of Tyva in order to optimize the cost of purchasing technical, software and hardware-software means of protecting information, as well as the payroll of maintenance technical personnel.Methods. One of the main research methods is the creation of an experimental model of the mechanism of a single information and computing network, combining various government departments located within the same administrative building, which allows working simultaneously with distributed or centralized applications, databases and other services, as well as centralized information risk management security. The next research method is the analysis and study of the principle of operation of information resources, information systems, databases, and the increase in the number of domain users if they are combined into a single data transfer network. The interaction and effectiveness of personnel, a specialized unit based on one government agency, ensuring the regular functioning of the network and the necessary level of information security for all government departments.Results. As a result, an economic effect is achieved by eliminating the acquisition of duplicate software and hardware information protection, increasing the efficiency of using unified information services, and creating a centralized structural unit that uses risk management tools and makes information security management decisions based on the principles of system analysis , structuring method and expert survey methods. The results of the study have been used in solving problems of improving the information security management system of the authorities of Republic of Tyva.Conclusion. We have developed the original information technology architecture of the information security management system and centralized use of information technologies for the government of Republic of Tyva. The distinctive features of the structure of software tools for the centralized approach are the multi-agent implementation of the control elements of the decision support system and the integration of various types of security management models into a single complex. 

scholarly journals Information security as an object of regulation in the law of Ukraine

2021 ◽  
pp. 11-22
Author(s):  
Iryna Sopilko
Keyword(s):  
Information Security ◽  
National Security ◽  
Information Society ◽  
Central Element ◽  
Information Policy ◽  
The State ◽  
Information Protection ◽  
State Information ◽  
Depth Analysis ◽  
Problematic Issue

The study gives definitions of information security and related terms, such as cybersecurity, national security, and others, indicates the goals, objects, subjects of the concepts under consideration. The author also considers the features of the foundation and development of the information society in Ukraine, the components of its state information policy for ensuring information security, and identifies the key operations of activity of state bodies in the information sphere. The approaches of scientists who studied certain aspects of national and information security were analyzed, based on their work valuable conclusions were drawn and the conceptual basis of the article was formed. Independently, the definition and characteristics of external and internal threats to the information security of the country are given, methods for solving the problems arising in this connection are introduced, ways of ensuring the information security of the state are indicated. Information security in this study is considered as the central element of the national security of Ukraine, as well as a problematic issue in the field of information protection and ensuring the high-quality functioning of the information space. The author made an in-depth analysis of the existing regulatory and legal instruments for ensuring information security, pointed out their shortcomings, and gave recommendations for their further advancement. Also, recommendations are given to improve the current situation with the regulation of information security in the country, the directions of the state information policy are suggested and ways to ensure the continuity of the functioning of the information security system of Ukraine are indicated.

THE PUBLIC POLICY OF INFORMATION SOCIETY

2016 ◽  
Vol 4 (2) ◽  
pp. 0-0
Author(s):  
Alina Yakymchuk ◽  
Victoria Yaroshchuk
Keyword(s):  
Public Policy ◽  
State Policy ◽  
Information Society ◽  
The State ◽  
Information Resources ◽  
General State ◽  
Information Protection ◽  
The Public ◽  
Entire Complex ◽  
The Creation

The main objectives of the state policy in the field of information, which is the reason for the creation of appropriate conditions for achieving this goal were definited. In particular, coordination of the central executive authorities to address the problems of information, execution of functions of the general state of the customer National Informatization Program projects, the organization of international cooperation in matters of information and the like. The state policy of information covers the entire complex of relations that arise: in the creation, collection, storage, processing, storage, retrieval and dissemination of information; in the preparation and use of information and information resources; while ensuring the sovereignty of information, information security and information protection.

scholarly journals The security system for maintenance of the required information security level

2018 ◽  
Vol 210 ◽  
pp. 04005
Author(s):  
Maciej Kiedrowicz ◽  
Jerzy Stanik
Keyword(s):  
Information System ◽  
Quality Management ◽  
Information Security ◽  
Working Conditions ◽  
Information Resources ◽  
Security System ◽  
Security Level ◽  
Security Feature ◽  
Organizational Configurations ◽  
The Impact

The article outlines the concept of maintaining the required security level of the information system in the organization (SIO) through appropriate control of the security configurations of the security system. The security system (SS) model was proposed and its basic elements characterized to maintain the current security level of the information resources. The desired current security feature of the SIO shall be obtained by generating appropriate security technical and organizational configurations from the set of permissible solutions. The proposed concept, which takes into account the impact of not only basic security elements of the information resources (e.g. types of resources, security attributes, risks, vulnerability), but also changes in the working conditions of the information system and security system as well as the entire security and quality management environment of the organization, constitutes own proposal of the authors.

scholarly journals Theoretical and methodological substantiation of the structure of the state national security system

2021 ◽  
Vol 7 (3B) ◽  
pp. 421-437
Author(s):  
Mikhail Yuryevich Zelenkov ◽  
Sergey Vladimirovich Smulsky ◽  
Larisa Mikhaylovna Herrera ◽  
Diana Borisovna Shalmieva ◽  
Larisa Vyacheslavovna Nefedova
Keyword(s):  
Mathematical Model ◽  
National Security ◽  
21St Century ◽  
Current Situation ◽  
The State ◽  
Security System ◽  
Theory And Practice ◽  
Innovative Approach ◽  
Goals And Objectives

The purpose of the article is the identification, building, and theoretical and methodological justification of the structure of the state national security system. The methodology of the study was a retrospective approach that allowed studying the structure of the elements and links of the state national security system in dynamics, comparing the current situation in the theory and practice of national security with previous periods, starting from 1943. This made it possible not only to trace changes in the structure of the elements, goals, and objectives of the national security system but also to determine what measures were proposed by scholars and politicians to solve the problem under study. The novelty of the work and its results have been determined by the original innovative approach to the theoretical and methodological justification of the elements of the state national security system and its structure in the conditions of the 21st century, the description of the process of its functioning by a mathematical model.

Sign in / Sign up

Export Citation Format

Share Document