POSSIBLE APPROACHES TO CATEGORIZATION OF CRITICAL INFORMATION INFRASTRUCTURE OBJECTS

2019, Vol 6 (1), pp. 128-133
Author(s): Kirill Shchelkin, Polina Zvyagintseva, Valentin Selifanov

The main aspects of categorization of critical information infrastructure objects, regardless of whether an object is significant or not, are considered, in particular for those objects that are already certified or have previously passed information system classification.

Author(s): Sergiy Gnatyuk, Zhengbing Hu, Viktoriia Sydorenko, Marek Aleksander, Yuliia Polishchuk, ...

This chapter is devoted to developing formalization methods for identification and security objects of critical information infrastructure (CII) in civil aviation. The analysis of modern approaches to the CII identification was carried out that gave a possibility to determine weaknesses and to formalize a scientific research task. As a result, the unified data model was developed for formalizing the process of a list of CII objects forming in certain field and at the state level. Moreover, the specialized technique was developed. Besides, the identification method was proposed, and it gives a possibility to determine elements of CII field, mutual influences, and influence on functional operations of critical aviation information system. Furthermore, special software was developed and implemented that can be useful for CII elements identification and also for determining its influences on functional operations. Also, the basic aspects of cybersecurity ensuring for identified critical aviation information system were described in this chapter.


Author(s): Artem Nikolaevich Gulemin

The object of this research is the public relations with regards to processing of information in the Unified Federal Information Register Containing Data on the Population of the Russian Federation. Besides the Federal Law “On the Unified Federal Information Register Containing Data on the Population of the Russian Federation”, the subject of this research is legislation in the area of personal data and legislation on the critical information infrastructure. Based on the main formal and substantive aspects, the author defines the indicated register as a variety of register-based information; substantiates the relevance of application of the principles of framework regulation of information law in the context of creating the register; raises the question on the need to recognize the information system that processes data contained in the register as a valuable object of critical information infrastructure. The novelty of this research consists in the fact that this article is one of the first works dedicated to provision of legal security of the Unified Federal Information Register Containing Data on the Population of the Russian Federation. The following conclusions and proposals on improvement of legislation are formulated: 1) The principles of legal regulation established by legislation with regards to information as the object of legal regulation should be applied to the created register; any unauthorized actions with a separate register entry should be viewed as violation of integrity of the entire object. 2) Due to critical importance of the data contained in the register, it is essential to set confidentiality restrictions, and recognize the federal information system that processes data contained in the register as a valuable object of critical information infrastructure.
3) In the text of the Law “On the Unified Federal Information Register Containing Data on the Population of the Russian Federation”, it is necessary to specify the responsibilities of operator of the federal information system who maintains the federal register and compliance with the requirements of legislation on the security of critical information infrastructure. It is also necessary to clarify the provisions of the Decree of the Government of the Russian Federation that establishes a list of criteria of importance of the objects of critical information infrastructure of the Russian Federation and their value.


2018, Vol 28 (4), pp. 59-67
Author(s): V. A. Minaev, I. D. Korolev, E. V. Zelentzova, R. I. Zakharchenko

The paper considers the approach to the assessment of critical information infrastructure circulating in the information system in terms of confrontation. The novelty of the study is a promising method allowing assessment of complex technical systems with a high degree of criticality and uncertainty of description. The value of the integral criterion is proposed as an assessment of the ability to implement the objective function of critical information infrastructure at each time point. Based on this method, it became possible to improve the quality of substantiation of new ways of confrontation in the information space. The paper addresses the problem of information system stability. Its main components and management properties that determine the stability of the system functioning as a whole are considered. A classification of critical information infrastructure systems is proposed. A formal definition of the cyber resistance index, as well as method and algorithm for its calculation, are given. The practical significance is that the new method of assessment can be used to improve the efficiency of critical information infrastructure management.


Author(s): Ilia Pavlovich Mikhnev, Svetlana Vladimirovna Mikhneva

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.


Author(s): Bogdan Korniyenko, Lilia Galata

In this article, the research of information system protection by analyzing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techniques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the determination of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerability — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vulnerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system.
The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

