Recommendations for using a methodology for assessing the security of an automated control system for critical information infrastructure from DDoS attacks based on Monte Carlo simulation-Reference-Cited by-同舟云学术

Recommendations for using a methodology for assessing the security of an automated control system for critical information infrastructure from DDoS attacks based on Monte Carlo simulation

Published:2023-10-27 Issue:3 Volume:50 Page:57-65
ISSN:2542-095X
Container-title:Herald of Dagestan State Technical University. Technical Sciences
language:
Short-container-title:Vestn. Dagest. gos. teh. univ., Teh. nauki

Author:

Voevodin V. A.¹,Chernyaev V. S.,Vinogradov I. V.¹

Affiliation:

1. National Research University of Electronic Technology

Abstract

Objective. The objective of the research is to develop a methodology for the security of an automated control system of critical information infrastructure from DDoS attacks. The methodology allows the decision-maker to obtain an assessment of the risk of exposure of the computer network (CN) to DDoS attacks and take necessary actions to reduce the risk of this threat.Method. To achieve the stated objective of the research, simulation modeling based on the Monte Carlo method was used, implemented within the framework of a specialized software environment, as well as a method for calculating integral risk.Result. A methodology was proposed for assessing the security of an automated control system for critical information infrastructure from DDoS attacks, taking into account the importance of individual nodes of its CN.Conclusion. Thus, the developed methodology is useful when conducting an information security audit to assess the integral risk of impact implementation of a DDoS attack on a CN and is designed to help an organization achieve global information security goals, as well as to justify the amount of the insurance premium paid when insuring cyber risks.

Publisher

FSB Educational Establishment of Higher Education Daghestan State Technical University

Subject

Polymers and Plastics,General Environmental Science

Reference16 articles.

1. DDoS attacks on banks in Russia. Available at: https://www.tadviser.ru/index.php/Статья:DDoS-атаки_на_банки_в_России (In Russ).

2. GOST R ISO/IEC 27001—2021 Information technology. Methods and means of ensuring safety. Information security management systems. Requirements. Approved and put into effect by Order of the Federal Agency for Technical Regulation and Metrology dated November 30, 2021 No. 1653-st. Moscow Russian Institute of Standardization 2021; 24. (In Russ).

3. Implementing capacity management according to ISO 27001:2013 control A.12.1.3 [Electronic resource]: https://advisera.com/27001academy/blog/2016/02/22/implementing-capacity-management-according-to- iso-270012013-control-a-12-1-3/(In Russ).

4. Standard of the Bank of Russia STO BR IBBS-1.1-2007 “Ensuring information security of organizations of the banking system of the Russian Federation. Information security audit.” Put into effect by order of the Central Bank of Russia dated April 28, 2007;345. (In Russ).

5. GOST R ISO 19011–2021 Guidelines for conducting audits of management systems. Approved and put into effect by Order of the Federal Agency for Technical Regulation and Metrology dated April 21, 2021 N261-Art. M.: Standartinform, 2021; 42. (In Russ).