IRISK METHOD FOR SECURITY ESTIMATION OF THE SIMULATION POLYGON FOR THE PROTECTION OF CRITICAL INFORMATION RESOURCES

Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata

In this article, the research of information system protection by analyzing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techniques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the determination of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method iRisk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerability (vulnerability assessment), Threat (threat assessment), Control (assessment of security measures). The methodology includes a common CVSS vulnerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system.
The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

2018 ◽  
Vol 210 ◽  
pp. 04005
Author(s):  
Maciej Kiedrowicz ◽  
Jerzy Stanik

The article outlines the concept of maintaining the required security level of the information system in the organization (SIO) through appropriate control of the security configurations of the security system. The security system (SS) model was proposed and its basic elements characterized to maintain the current security level of the information resources. The desired current security feature of the SIO shall be obtained by generating appropriate security technical and organizational configurations from the set of permissible solutions. The proposed concept, which takes into account the impact of not only basic security elements of the information resources (e.g. types of resources, security attributes, risks, vulnerability), but also changes in the working conditions of the information system and security system as well as the entire security and quality management environment of the organization, constitutes the authors' own proposal.


2015 ◽  
Vol 11 (4) ◽  
pp. 63-78 ◽  
Author(s):  
Seyed Mojtaba Hosseini Bamakan ◽  
Mohammad Dehghanimohammadabadi

In recent decades, information has become a critical asset to various organizations, hence identifying and preventing the loss of information are becoming competitive advantages for firms. Many international standards have been developed to help organizations to maintain their competitiveness by applying risk assessment and information security management system and keep risk level as low as possible. This study aims to propose a new quantitative risk analysis and assessment methodology which is based on AHP and Monte Carlo simulation. In this method, AHP is used to create favorable weights for Confidentiality, Integrity and Availability (CIA) as security characteristic of any information asset. To deal with the uncertain nature of vulnerabilities and threats, Monte Carlo simulation is utilized to handle the stochastic nature of risk assessment by taking into account multiple judges' opinions. The proposed methodology is suitable for organizations that require risk analysis to implement ISO/IEC 27001 standard.


2014 ◽  
Vol 644-650 ◽  
pp. 3212-3215
Author(s):  
Shuang Liu

The digital library is a development direction of the library, which has widely attracted the attention of countries around the world. The digital library is an important part of informationization in the university. As an information system, the digital library is the backbone of the digital library information resources; the safety of library digital information resources is the key to the normal operation and development of the digital library, which is also the guarantee for the library to provide service. How to guarantee the security of information resources and the information system in an open network environment has been considered by many people in the industry, and digital library information security has become one of the core issues in digital library construction and development.


Author(s):  
Светлана Владимировна Казмирчук ◽  
Андрей Юрьевич Гололобов

Author(s):  
N.M. Kuznetsova ◽  
T.V. Karlova

The article is devoted to the development of a model for an automated system for assessing sports achievements, taking into account the analysis of a reliable expert examination. On the example of the discipline «rhythmic gymnastics» the article considers the main criteria for assessing the performance of athletes. Based on the identified shortcomings of the existing subjective assessment systems, a method of automated assessment is proposed in the work, a modular structure of an information system for assessing sports achievements using a neural network approach is designed.


2014 ◽  
Vol 496-500 ◽  
pp. 2170-2173
Author(s):  
Zhen Lu ◽  
Zhen Xiong ◽  
Ke Qin Tu

Security management of an information system is one of the important contents of system engineering management, especially the security risk assessment, which is at the core of system engineering. Risk assessment of an information system can help analyze system safety and find out the potential risk. Building a risk model of information safety can provide necessary guidance for security strategy design and implementation. This article researches the assessment model and method of information security risk.


2021 ◽  
Vol 9 (3) ◽  
pp. 94-102
Author(s):  
A. Kozlov ◽  
N. Noga

The authors propose a methodology for assessing the risk associated with subjective factors that may affect the achievement of the final goals of business projects, including ensuring information security. Such factors may include the level of salary, the level of professionalism, and others. At the same time, we propose carrying out the risk assessment by using the fuzzy logic method, which allows us to determine the dependence of the risk on various parameters under conditions of their uncertainty. According to the authors, the proposed methodology will help avoid some incorrect management decisions in the formation of author (working) teams, which could lead to negative consequences in the further implementation of the business project. These negative consequences can be expressed in delaying the implementation period, increasing the project’s cost, or even losing business due to critical information and personnel leakage. Also, this method allows you to increase the effectiveness of personnel policy in the organisation or the company. We noted that this method is applicable not only for individual enterprises but also for corporations and associations with complex network structures.


2020 ◽  
pp. 6-10
Author(s):  
Grigory Zharkov ◽  
Vadim Shevtsov

Information security of an enterprise (IS of an enterprise) is the state of security of data, objects of informatization of an enterprise and its interests. IS of an enterprise is achieved only when such basic properties of IS as confidentiality, integrity, availability of information and the technical component of an enterprise involved in technological processes are met. Ensuring IS of an enterprise is effective only with a systematic and comprehensive approach to protection. The information security system should take into account all current information threats and vulnerabilities. Information security threats are analyzed to determine the full set of requirements for the developed security system. A threat is considered relevant if it can be implemented in the information system of the enterprise and poses a threat to information with limited access. It is shown that the list of threats to information security of an industrial enterprise is very wide and is not limited to those considered in this article. It is very important to maintain a high level of enterprise information security, especially at critical information infrastructure facilities.

