APPROACH TO INFORMATION SECURITY RISK ASSESSMENT FOR A CLASS «1» AUTOMATED SYSTEM

Author:

Litvinchuk Iryna (1), Korchomnyi Ruslan (1), Korshun Nataliia (2), Vorokhob Maksym (2)

Affiliation:

1. Military base А1906

2. Borys Grinchenko Kyiv University

Abstract

The article is devoted to the assessment of information security risks in class "1" automated systems (AS). An adapted approach to assessing information security risks in such systems is proposed, using the Methodology and the requirements of the standards GSTU SUIB 1.0/ISO/IEC 27001:2010 and GSTU SUIB 2.0/ISO/IEC 27002:2010. The efficiency of the approach and the methods of its implementation are demonstrated on the example of real threats and vulnerabilities of class 1 automated systems. The main requirement for creating an information security management system (ISMS) in an organization is risk assessment and the identification of threats to the information resources processed in information and telecommunication systems and automated systems. The basic standards on information security in Ukraine are considered; they give general recommendations for constructing and assessing information security risks within the ISMS. The most common international methods and methodologies for assessing information security risks are analyzed, and their advantages and disadvantages are identified. The order of work for assessing the information security risks of a class "1" AS is defined. The vulnerabilities considered by the expert according to ISO/IEC 27002:2005 and the Methodology are given. A conditional scale for determining the impact of the realization of threats to integrity, availability and observability is given. Measures and means of counteracting the emergence of threats are proposed. This approach can be used both for direct information risk assessment and for educational purposes. It allows the final result to be obtained regardless of the experience and qualifications of the specialist who conducts the risk assessment, with subsequent implementation and improvement of the organization's existing risk management system.

Publisher

Borys Grinchenko Kyiv University

Subject

General Medicine


Cited by 2 articles.