ISSUES OF INFORMATION SECURITY OF SOCIETY UNDER THE CONDITIONS OF THE DEVELOPMENT OF DIGITAL ECONOMY

Vestnik NSUEM ◽  
2021 ◽  
pp. 245-253
Author(s):  
N. V. Shcherbakova

Cybercrime is a growing industry around the world, imposing significant costs on firms. Cyber threats have driven companies to build layers of defenses, resorting to a variety of products and services developed by different cybersecurity vendors. The financial sector is a major target for cybercriminals. The pace of cyberattacks is accelerating too quickly for banks to rely on manual threat analysis and response. Financial organizations face a growing threat from malicious cyber activity. In the financial sector, speed of response is critical to identifying and blocking cyber threats. Regulators are taking notice of the increased risk of cyber threats. The paper draws attention to the information protection system of a bank.

Author(s):  
A. M. Kadnova

Objectives. At present, in accordance with the requirements of the guiding documents of the Federal Service for Technical and Export Control (FSTEC) of Russia, as well as international standards in the development and operation of protected automated systems, it is necessary to evaluate the effectiveness (general utility) of information protection systems. The article is devoted to the development of a method for assessing the ergotechnical characteristics of software information security systems for use in the assessment of the general utility of such systems. The aim of the work is to develop a methodology for assessing the probabilistic indicator of the timeliness of typical operations for the administration of information security systems. Method. To achieve this goal, user groups were created in order to perform typical administrative operations within the information protection system. The operation time for each group, recorded using the IOGraphV1.0.1 tool, was utilised to calculate the probabilities of timely execution of typical operations by the administrator according to a truncated normal distribution formula. Results. An assessment of a probabilistic indicator was carried out in order to evaluate the timeliness of operations performed by the administrator of the information protection system. Conclusion. The results can be used in a comprehensive assessment of the effectiveness (reliability) of the automated functioning of information security software systems when modelling and analysing the security of special-purpose informatisation facilities.


2021 ◽  
pp. 19-27
Author(s):  
Nazar Demchyshak ◽  
Anastasiia Shkyria

Purpose. The aim of the article is the substantiation of the approaches of domestic and foreign scientists to risk management in the financial sector of Ukraine in the context of cyber threats and the need to ensure national security and post-pandemic economic recovery. Methodology of research. General scientific and special methods of scientific research are used in the article, in particular: induction, deduction, scientific abstraction - to reveal the essence of the concepts of "cyber threat", "cyber security" and "digitalization"; statistical and graphical methods - to assess the current situation in the field of cyber defence in the world and the national cyber security index; methods of analysis and synthesis - in substantiating the conclusions of the research. Findings. Definitions of cyber risk, approaches to its interpretation and classification were considered. The importance of cyber security in the digitalization of the national economy was argued. The Strategy of Ukrainian Financial Sector Development until 2025 is analysed. The world statistics of frequency and losses due to cyber-attacks are studied and the cyber threats that caused the greatest losses in Ukraine are identified. The analysis of Ukraine's positions in the National Cyber Security Index 2020 is carried out. The directions of cyber threat prevention that can be useful for Ukrainian companies are substantiated. Originality. The author's definition of the term "cyber risk" is proposed, in which special attention is focused on the effects of cyber threats. The importance of cyber risk management in the conditions of inevitability of digitalization in the financial sector of Ukraine is substantiated. Approaches to the prevention of cyber-attacks, the implementation of which is necessary for the successful digital transformation of Ukraine, are proposed. Practical value. The results of the research will contribute to the formation of an effective risk management system in the financial sector of Ukraine in terms of digitalization of the financial space and post-pandemic recovery of the national economy. Key words: national security, cyber risk, cyber threat, cyber defence, digitalization, post-pandemic recovery, fintech.


2020 ◽  
Vol 2020 (2) ◽  
pp. 43-49
Author(s):  
D. Fedorov ◽  
A. Verzilova ◽  
V. Khoroshenko ◽  
M. Buinevich

The article discusses issues related to the necessary stage components of designing business games for teaching students to build an integrated information security system at an enterprise: features of the analysis of the initial data of an economic entity, the need to conduct a risk assessment in the context of the dynamics of the external world, ensuring the variability of building a protection strategy, and forming an objective assessment of the effectiveness of the protection system built by the participants.


Author(s):  
Kira Aleksandrovna Vrublevskaya ◽  
Albert Iscandarovich Azhmukhamedov ◽  
Nadezhda Valerievna Daviduk

The article considers the problem of the effectiveness of an information protection system with respect to the human factor and, in particular, the influence of management measures applied to the social subsystem on the overall level of information security. It is stated that the risk of classified information leakage arises from the primary uncertainty of staff behavior and a lack of staff loyalty to the methods of management. It is claimed that the nature of the dependency between the regulation of activities, the effectiveness of the work of personnel and compliance with information protection measures indicates that strengthening institutional measures beyond a certain "mark" leads to a decrease in performance and a decrease in information security. The solution lies in finding and applying methods and mechanisms aimed at changing the state of the social subsystem in the direction needed by the decision maker. A method is suggested that allows selecting the optimal level of institutional measures of impact on personnel, exceeding which adversely affects the effectiveness of the information protection system. It is based on a method of non-strict ranking of certain activities that need regulation, and on calculating the average level of staff loyalty to the introduced measures. The experimental study results and a computational example are given.


2020 ◽  
Vol 6 (Extra-A) ◽  
pp. 222-229
Author(s):  
Liana Aleksandrovna Kamalieva ◽  
Irina Alexandrovna Kazakova ◽  
Sergey Leonidovich Nikonovich ◽  
Vitaly V. Goncharov ◽  
Maya Livson

The purpose of this work is to assess the ability to resist the leakage of digital data using criminal legal means. The authors examine the extent of the phenomenon in question in the world and in particular in the Russian Federation. Thus, the current criminal legislation and legislation on information protection of the Russian Federation do not have effective mechanisms to counteract leaks of digital information, due to the lack of an independent criminal legal qualification of this act. This circumstance, according to the authors, negatively affects the state of information protection in the Russian Federation. The international experience of countering the leakage of protected information by legal means is studied. The authors develop a terminological apparatus that should be introduced into the norms of criminal law for a clear qualification of the act. Proposals are presented to improve the current criminal legislation and legislation on information protection, allowing for more effective protection of secured digital information by legal means.


Author(s):  
E. A. Rogozin ◽  
D. G. Silka ◽  
O. A. Gulyaev

Objectives. In order to determine the security of a special-purpose informatisation object, it is necessary to calculate the effectiveness indicators of information security (IS) measures aimed at preventing unauthorised access (UA) threats associated with information leakage through technical (acoustic) channels. In order to determine the actual channels of information leakage, it is necessary to develop a list of actions to neutralise potential threats, including the development of an information protection system for a special-purpose informatisation object. Method. A security assessment of the special-purpose informatisation object is carried out using expert documentary and instrumental methods. Results. The results of evaluating the indicators of protection against information leakage through the air (acoustic) channel are presented and aspects of improving special measures for protecting information at the special-purpose informatisation object are identified. Conclusion. Due to its relevance, the direction of this study requires further development of organisational and technical measures to implement the requirements of regulatory documents on the protection of information in special-purpose informatisation objects.


2019 ◽  
pp. 6-11
Author(s):  
Alexei Babenko

The urgency of the issue of information security in state information systems is justified by the high demand for systems of this class. The effectiveness of public information systems largely depends on the level of their security. Based on this, we formulate the purpose of this study: formalization of the process of managing the composition of the system of information technical protection in state information systems. The paper deals with the problem of managing the composition of the system of information technical protection in state information systems. The author analyzes threats to information security in state information systems. The article defines the criteria for evaluating technical means of information protection in state information systems. The researcher develops a formal model of managing the structure of the information technical protection system in state information systems. The developed model of managing the structure of information protection technical means in state information systems makes it possible to determine the most effective structure of the information protection system in state information systems. If the requirements for the analyzed means of information security change, then by changing the values in the optimal vector one can arrive at the right decision. Consequently, the developed model of managing the structure of information protection technical means in state information systems is universal and effective.


2021 ◽  
Vol 4 ◽  
pp. 66-73
Author(s):  
M.V. Buinevich ◽  
V. V. Pokussov ◽  
K.E. Izrailov ◽  
...  

The article describes a model of threats arising from information and technical interaction between subsystem modules after their integration into a unified information protection system. The terminological base used in this subject area is defined. An ontological model is given that determines the relationship between the basic concepts. A description of the six main threats of interaction that make up the model is given, indicating the following characteristics: the source of the threat’s vulnerability, the method of its implementation, the object of the attack, the consequences of implementation in terms of violation of internal information security and damage to the performance of the integrated information protection system. The differences of this model from the typical ones used in organizations are given.


2020 ◽  
Author(s):  
Niki O'Brien ◽  
Guy Martin ◽  
Emilia Grass ◽  
Mike Durkin ◽  
Ara Darzi ◽  
...  

BACKGROUND Health systems around the world are increasingly reliant on digital technology. Such reliance requires that healthcare organizations consider effective cybersecurity and digital resilience as a fundamental component of patient safety, with recent cyberattacks highlighting the risks to patients and targeted organizations. OBJECTIVE The purpose of this study was to explore the current global cybersecurity landscape and maturity in healthcare. METHODS We developed and administered a survey to examine the current cybersecurity landscape and preparedness level across global healthcare organizations. RESULTS Cyber threats were a common concern for the 17 healthcare organizations who participated. The principal concerns highlighted were data security, including the manipulation or loss of electronic health records; loss of trust in the organization; and risks of service disruption. Cybersecurity maturity scoring showed that despite the majority of organizations having established cybersecurity practices, levels of awareness and education were universally poor. CONCLUSIONS Policymakers should consider raising awareness and improving education/training on cybersecurity as a fundamental tenet of patient safety.

