Stage components of business games when training students in building an integrated information protection system

2020, Vol 2020 (2), pp. 43-49
Author(s): D. Fedorov, A. Verzilova, V. Khoroshenko, M. Buinevich

The article discusses issues related to the necessary stage components of designing business games for teaching students to build an integrated information security system at an enterprise: features of the analysis of the initial data of an economic entity, the need to conduct a risk assessment in the context of the dynamics of the external world, ensuring the variability of building a protection strategy, and forming an objective assessment of the effectiveness of the protection system built by the participants.

2021, Vol 4, pp. 66-73
Author(s): M.V. Buinevich, V. V. Pokussov, K.E. Izrailov, ...

The article describes a model of threats arising from information and technical interaction between subsystem modules after their integration into a unified information protection system. The terminological base used in this subject area is defined. An ontological model is given that determines the relationship between the basic concepts. A description of the six main threats of interaction that make up the model is given, indicating the following characteristics: the source of the threat’s vulnerability, the method of its implementation, the object of the attack, the consequences of implementation in terms of violation of internal information security and damage to the performance of the integrated information protection system. The differences of this model from the typical ones used in organizations are given.


Author(s): A. M. Kadnova

Objectives. At present, in accordance with the requirements of the guiding documents of the Federal Service for Technical and Export Control (FSTEC) of Russia, as well as international standards in the development and operation of protected automated systems, it is necessary to evaluate the effectiveness (general utility) of information protection systems. The article is devoted to the development of a method for assessing the ergotechnical characteristics of software information security systems for use in the assessment of the general utility of such systems. The aim of the work is to develop a methodology for assessing the probabilistic indicator of the timeliness of typical operations for the administration of information security systems. Method. To achieve this goal, user groups were created in order to perform typical administrative operations within the information protection system. The operation time for each group, recorded using the IOGraphV1.0.1 tool, was utilised to calculate the probabilities of timely execution of typical operations by the administrator according to a truncated normal distribution formula. Results. An assessment of a probabilistic indicator was carried out in order to evaluate the timeliness of operations performed by the administrator of the information protection system. Conclusion. The results can be used in a comprehensive assessment of the effectiveness (reliability) of the automated functioning of information security software systems when modelling and analysing the security of special-purpose informatisation facilities.


2015, Vol 760, pp. 689-694
Author(s): Nicolae Anton, Anișor Nedelcu

This paper presents an approach to the risk of information security. By taking into consideration how critical it is for a system, each category of information should be associated with a correspondent level of security risk and each level of security risk must be defined by appropriate measures to control the risks for information security. Equally important is how many levels of security risk are defined for information, or how they are classified. It is critical, however, that the model adopted reflects all the objectives that the system requires.


2014, Vol 543-547, pp. 3565-3568
Author(s): Xiao Qiang Peng, Ting Ting Lu

To solve the difficult problem of quantitative analysis in the process of information security risk assessment, on the basis of the original qualitative risk assessment method, the fuzzy analytic hierarchy process is put forward, in order to realize the organic combination of subjective and objective assessment of risk factors. Based on the improvement of the analytic hierarchy process and fuzzy evaluation method, the two methods are organically combined. On the basis of the analysis and assessment of risk probability and impact of the incident, the risk rank of each risk factor is determined, and the information system risk control suggestions are given.


Author(s): Kira Aleksandrovna Vrublevskaya, Albert Iscandarovich Azhmukhamedov, Nadezhda Valerievna Daviduk

The article considers the problem of the effectiveness of an information protection system from the standpoint of the human factor and, in particular, the influence of management measures applied to the social subsystem on the overall level of information security. It is stated that the risk of classified information leakage occurs due to the primary uncertainty of staff behavior and a lack of staff loyalty to the methods of management. It is claimed that the nature of the dependency between the regulation of activities and the effectiveness of the work of personnel and compliance with information protection measures testifies that strengthening institutional measures beyond a certain "mark" leads to a decrease in performance and a decrease in information security. The solution lies in searching for and applying methods and mechanisms aimed at changing the state of the social subsystem in the direction needed by the decision-maker. A method is suggested that allows selecting the optimal level of institutional measures of impact on personnel, exceeding which adversely affects the effectiveness of the information protection system. It is based on a method of non-strict ranking of certain activities that need regulation, and on calculating the average level of staff loyalty to the introduced measures. The experimental study results and a computational example are given.


Vestnik NSUEM, 2021, pp. 245-253
Author(s): N. V. Shcherbakova

Cybercrime is a growing industry around the world, imposing significant costs on firms. Cyber threats have driven companies to build layers of defenses, resorting to a variety of products and services developed by different cybersecurity vendors. The financial sector is a major target for cybercriminals. The pace of cyberattacks is accelerating too quickly for banks to rely on manual threat analysis and response. Financial organizations face a growing threat from malicious cyber activity. In the financial sector, speed of response is critical to identify and block cyber threats. Regulators are taking notice of the increased risk of cyber threats. The paper draws attention to the information protection system of a bank.


Author(s): E. A. Rogozin, D. G. Silka, O. A. Gulyaev

Objectives. In order to determine the security of a special-purpose informatisation object, it is necessary to calculate the effectiveness indicators of information security (IS) measures aimed at preventing unauthorised access (UA) threats associated with information leakage through technical (acoustic) channels. In order to determine the actual channels of information leakage, it is necessary to develop a list of actions to neutralise potential threats, including the development of an information protection system for a special-purpose informatisation object. Method. A security assessment of the special-purpose informatisation object is carried out using expert documentary and instrumental methods. Results. The results of evaluating the indicators of protection against information leakage through the air (acoustic) channel are presented and aspects of improving special measures for protecting information at the special-purpose informatisation object are identified. Conclusion. Due to its relevance, the direction of this study requires further development of organisational and technical measures to implement the requirements of regulatory documents on the protection of information in special-purpose informatisation objects.


2019, pp. 6-11
Author(s): Alexei Babenko

The urgency of the issue of information security in state information systems is justified by the high demand for systems of this class. The effectiveness of public information systems largely depends on the level of their security. Based on this, we formulate the purpose of this study: formalization of the process of managing the composition of the system of information technical protection in state information systems. The paper deals with the problem of managing the composition of the system of information technical protection in state information systems. The author analyzes threats to information security in state information systems. The article defines the criteria for evaluating technical means of information protection in state information systems. The researcher develops a formal model of managing the structure of the information technical protection system in state information systems. The developed model of managing the structure of information protection technical means in state information systems makes it possible to determine the most effective structure of the information protection system in state information systems. If the requirements for the analyzed means of information security change, then by changing the values in the optimal vector, you can come to the right decision. Consequently, the developed model of managing the structure of information protection technical means in state information systems is universal and effective.


2021, Vol 2 (14), pp. 158-175
Author(s): Svitlana Shevchenko, Yuliia Zhdanova, Kateryna Kravchuk

This study focuses on the protection of information resources on the basis of a risk-oriented approach for small and medium-sized businesses, with an emphasis on risk assessment of information security (IS). The analysis of scientific sources made it possible to characterize the essence of the risk-oriented approach and to formulate the main provisions for creating a model of information protection based on this technology. The content line of the model focuses on conducting qualitative and quantitative IS risk assessment, namely, SWOT-analysis, statistical method, expert assessment method and Monte Carlo method. The step-by-step procedure of carrying out the stages of analysis and implementation of these methods for IS risk assessment is described. In order to obtain a comprehensive map of IS risks at the initial stage, it is proposed to conduct a SWOT analysis, in particular to identify business weaknesses and external and internal threats. Use a statistical method to quantify IS risk if there are sufficient analytical reports. Otherwise, implement the method of expert assessments. The final step is to generate a script using the Monte Carlo method. To effectively describe the context of each information resource, use the technology of forming multiple pairs "threat - vulnerability". The relevance and possibilities of using this model as a methodology of information for small and medium businesses are substantiated.

