Modeling Information Security Threats and Determination of Their Relevance for Information Systems of Informatization Objects of Federal Executive Authorities
( Pp. 106-114)
More about authors
Zavodtsev Ilia V.
Cand. Sci. (Eng.), Associate Professor; associate professor
Lomonosov Moscow State University
Moscow, Russian Federation Borisov Mikhail A. associate professor
Lomonosov Moscow State University
Moscow, Russian Federation Bondarenko Nikolai N. PhD student
Lomonosov Moscow State University
Moscow, Russian Federation Meleshko Vladimir A.
Lomonosov Moscow State University
Moscow, Russian Federation
Lomonosov Moscow State University
Moscow, Russian Federation Borisov Mikhail A. associate professor
Lomonosov Moscow State University
Moscow, Russian Federation Bondarenko Nikolai N. PhD student
Lomonosov Moscow State University
Moscow, Russian Federation Meleshko Vladimir A.
Lomonosov Moscow State University
Moscow, Russian Federation
Abstract:
Task. The purpose of writing this article is to improve the security of information in information systems. Model. The article explores methods for modeling information security threats and determining their relevance for information systems of informatization objects of federal executive authorities. Conclusions. The study is based on an assessment method that uses a cluster of outcomes, and the concept of “significance coefficient” is also introduced, as the product of the corresponding values of the priority vectors of outcome clusters. Value. The materials presented in the article will help improve methods for analyzing and evaluating the assets of an informatization object, vulnerabilities, information security threats, possible attacks and security goals.
How to Cite:
Zavodtsev I.V., Borisov M.A., Bondarenko N.N., Meleshko V.A., (2022), MODELING INFORMATION SECURITY THREATS AND DETERMINATION OF THEIR RELEVANCE FOR INFORMATION SYSTEMS OF INFORMATIZATION OBJECTS OF FEDERAL EXECUTIVE AUTHORITIES. Computational Nanotechnology, 1 => 106-114.
Reference list:
Federal Law No. 149-FZ dated July 27, 2006 “On information, information technologies and information protection”. Collection of Legislation of the Russian Federation. 07.31.2006. No. 31 (part 1). Art. 3448. (In Rus.)
Federal Law No. 248-FZ dated July 31, 2020 “On state control (supervision) and municipal control in the Russian Federation”. Collection of Legislation of the Russian Federation. 08.03.2020. No. 31 (part 1). Art. 5007. (In Rus.)
Order of the FSTEC of Russia dated February 11, 2013 No. 17 “On approval of requirements for the protection of information that does not constitute a state secret contained in state information systems”. Rossiyskaya Gazeta. 06.26.2013. No. 136. (In Rus.)
Order of the FSTEC of Russia dated March 14, 2014 No. 31 “On approval of the Requirements for ensuring the protection of information in automated control systems for production and technological processes at critically important facilities, potentially hazardous facilities, as well as facilities that pose an increased danger to human life and health and to the natural environment”. Rossiyskaya Gazeta. 08/06/2014. No. 175. (In Rus.)
IT.SAVZ.B6.PZ. Methodical document. Protection profile of anti-virus protection type “B” of the sixth protection class (approved by the FSTEC of Russia on 14.06.2012). URL: https://fstec.ru
Methodological document. Information protection measures in state information systems (approved by the FSTEC of Russia on February 11, 2014). URL: https://fstec.ru
Methodological document. Methodology for assessing threats to information security (approved by the FSTEC of Russia on February 5, 2021). URL: https://fstec.ru
GOST R ISO/IEC 15408-1-2012. National standard of the Russian Federation. Information technology. Methods and means of ensuring security. Criteria for evaluating information technology security. Part 1: Introduction and general model. Moscow: Standartinform, 2014.
GOST R 58771-2019. National standard of the Russian Federation. Risk management. Risk assessment technologies (approved and put into effect by the Order of Rosstandart dated December 17, 2019 No. 1405-st). Moscow: Standartinform, 2020.
GOST R ISO/IEC 27001-2021. National standard of the Russian Federation. Information technology. Methods and means of ensuring security. Information security management systems. Requirements (approved and put into effect by the Order of Rosstandart dated November 30, 2021 No. 1653-st). Moscow: Standartinform, 2022.
Borisov M.A., Golod V.V., Osadchiy A.I., Trofimov V.V. Model of unauthorized access to information in dynamically changing conditions. Software Products and Systems. 2005. No. 4. Pp. 45-48. (In Rus.)
Borisov M.A., Zavodtsev I.V. Vulnerability assessment tools in automated systems. Scientific Journal Vestnik RGGU. Series Informatics. Data Protection. Maths. 2010. No. 12 (55)/10. Pp. 259-262. (In Rus.)
Doynikova E.V., Kotenko I.V. Methods and software component of risk assessment based on attack graphs for security information and event management systems. Information and Control Systems. 2016. No. 5. Pp. 56-67.
Polyansky D.A. Security assessment: Textbook allowance. Vladimir: Publishing house Vladim. State Univ., 2005. 80 p.
Shcheglov A.Yu. Mathematical models and methods of formal design of information systems protection systems: textbook. allowance. St. Petersburg: ITMO University, 2015. 93 p.
The DFIR report. Real intrusions by real attackers, the truth behind the intrusion. URL: https://thedfirreport.com
Federal Law No. 248-FZ dated July 31, 2020 “On state control (supervision) and municipal control in the Russian Federation”. Collection of Legislation of the Russian Federation. 08.03.2020. No. 31 (part 1). Art. 5007. (In Rus.)
Order of the FSTEC of Russia dated February 11, 2013 No. 17 “On approval of requirements for the protection of information that does not constitute a state secret contained in state information systems”. Rossiyskaya Gazeta. 06.26.2013. No. 136. (In Rus.)
Order of the FSTEC of Russia dated March 14, 2014 No. 31 “On approval of the Requirements for ensuring the protection of information in automated control systems for production and technological processes at critically important facilities, potentially hazardous facilities, as well as facilities that pose an increased danger to human life and health and to the natural environment”. Rossiyskaya Gazeta. 08/06/2014. No. 175. (In Rus.)
IT.SAVZ.B6.PZ. Methodical document. Protection profile of anti-virus protection type “B” of the sixth protection class (approved by the FSTEC of Russia on 14.06.2012). URL: https://fstec.ru
Methodological document. Information protection measures in state information systems (approved by the FSTEC of Russia on February 11, 2014). URL: https://fstec.ru
Methodological document. Methodology for assessing threats to information security (approved by the FSTEC of Russia on February 5, 2021). URL: https://fstec.ru
GOST R ISO/IEC 15408-1-2012. National standard of the Russian Federation. Information technology. Methods and means of ensuring security. Criteria for evaluating information technology security. Part 1: Introduction and general model. Moscow: Standartinform, 2014.
GOST R 58771-2019. National standard of the Russian Federation. Risk management. Risk assessment technologies (approved and put into effect by the Order of Rosstandart dated December 17, 2019 No. 1405-st). Moscow: Standartinform, 2020.
GOST R ISO/IEC 27001-2021. National standard of the Russian Federation. Information technology. Methods and means of ensuring security. Information security management systems. Requirements (approved and put into effect by the Order of Rosstandart dated November 30, 2021 No. 1653-st). Moscow: Standartinform, 2022.
Borisov M.A., Golod V.V., Osadchiy A.I., Trofimov V.V. Model of unauthorized access to information in dynamically changing conditions. Software Products and Systems. 2005. No. 4. Pp. 45-48. (In Rus.)
Borisov M.A., Zavodtsev I.V. Vulnerability assessment tools in automated systems. Scientific Journal Vestnik RGGU. Series Informatics. Data Protection. Maths. 2010. No. 12 (55)/10. Pp. 259-262. (In Rus.)
Doynikova E.V., Kotenko I.V. Methods and software component of risk assessment based on attack graphs for security information and event management systems. Information and Control Systems. 2016. No. 5. Pp. 56-67.
Polyansky D.A. Security assessment: Textbook allowance. Vladimir: Publishing house Vladim. State Univ., 2005. 80 p.
Shcheglov A.Yu. Mathematical models and methods of formal design of information systems protection systems: textbook. allowance. St. Petersburg: ITMO University, 2015. 93 p.
The DFIR report. Real intrusions by real attackers, the truth behind the intrusion. URL: https://thedfirreport.com
Keywords:
Information Security, qualitative and quantitative risk assessment, unauthorized access, Security policy, information security risk.
Related Articles
Multiscale Modeling for Information Control and Processing Pages: 11-20 DOI: 10.33693/2313-223X-2022-9-1-11-20 Issue №20643
A Refined Method for Analytical Modeling of the Processes of Spreading Virus Software to Assess the Security of Informatization Objects
virus software
Information system
Information Security
security threat modeling
information security risk assessment
Show more
Criminal law Pages: 250-255 Issue №24870
Ensuring Information Security as an Object of Criminal Law Protection
information
information security
public relations
object of criminal-legal protection.
Show more
9. Administrative law; Administrative process, Information Law Pages: 116-120 Issue №5518
THE MODEL OF LEGAL REGULATION OF THE ACTIVITY OF MASS MEDIA IN THE СONTEXT OF INFORMATIONAL SECURITY
Legal model
the mechanism of legal regulation
subsystem
system communication
Media
Show more
4. CRIMINAL - LEGAL, CRIMINOLOGICAL, ADMINISTRATIVE AND OTHER MEASURES FOR COUNTERING CRIME IN CONTEMPORARY CONDITIONS Pages: 166-170 Issue №19590
Information Support of Services and Units of the MIA of Russia as an Aspect of Effectiveness of Countering Crime
information resource
data banks
crime prevention
operational environment
categorized machine-readable medium
Show more
2. SCIENTIFIC SCHOOL OF DOCTOR OF SCIENCE, PROFESSOR ShHAGAPSOEV Z.L. Pages: 139-141 Issue №7907
INFORMATIONAL TERRORISM AS THE RUSSIAN FEDERATION NATIONAL SECURITY THREAT
information terrorism
the threat of information
national security
information security
the global information space
Show more
12. CRIME IN THE FIELD OF INFORMATION TECHNOLOGY AND CYBER CRIME Pages: 146-148 Issue №10327
ABOUT SOME METHODS OF INFORMATION SECURITY IN THE WORLD WIDE WEB
information security
the threat of information
national security
the global information space
the Internet
Show more
8. INFORMATION LAW (12.00.13) Pages: 197-201 Issue №17728
Information terrorism is a threat to national security in the context of digitalization
information terrorism
national security
information security
cybercrime
government regulation
Show more
11. Criminal law and criminology; Criminal enforcement law Pages: 187-189 Issue №14823
CHILD CONSERVATION AND INFORMATION SECURITY OF CHILDREN
child saving
threats
information security
child
legal basis
Show more
9. CORRUPTION, TERRORISM, CRIMINAL PROCESS Pages: 139-142 Issue №5143
ILLEGAL ACCESS TO INFORMATION (ARTICLE 272 OF THE CRIMINAL CODE): CRIMINAL LAW CHARACTERISTICS AND SOME FEATURES OF THE INVESTIGATION
The investigator
investigation
Bank Deposit
unauthorized access
computer information
Show more
8. Judicial, prosecutorial, human rights and law enforcement activities Pages: 158-162 Issue №6252
INFORMATION SECURITY OF ADVOCATE’S ACTIVITY: THE MAIN NOTIONS
lawyer
advocacy
information
information security
information security activities of a lawyer
Show more
