Developing a model of information security risk assessment based on colored Petri net
DOI:
https://doi.org/10.18372/2225-5036.20.7558Keywords:
information security, information security risks, risk assessment, threat, vulnerability, attack, colored Petri nets, probability, consequencesAbstract
The article analyzes the existing models of information security risk assessment as a result of which it is determined that the existing risk assessment models do not sufficiently reflects the structure of the organization, which makes it impossible to obtain a complete information about the risks. Developed a model of information security risk assessment based on colored Petri nets and hypergraphs, which allows you to track the potential harm caused by offenders as a result of threats through the vulnerability of assets and prevented the consequences of threats by used security measures and tools in the specified time. Structured partition of assets to improve the accuracy of their identification is proposed. The results of risk modeling using the proposed model can be used in practice in the phase of information security risks evaluation.References
Inventory of Risk Management / Risk Assessment Tools. — Режим доступу: http://rm-inv.enisa.europa.eu/tools
Полещук Н.А. Анализ и планирование затрат предприятия на основе моделирования бизнес-процессов / Н.А. Полещук // Вестник
Белорусского государственного экономического университета. — 2011. — N 1. — С. 60-65/
Арьков П.А. Разработка комплекса моделей для выбора оптимальной системы защиты информации в информационной системе организации [Текст] : дис. … канд. техн. наук / П.А. Арьков. — Волгоград, 2009. — 185 с.
Мельник Г.В. Моделювання системи управління інформаційними ризиками в корпоративній системі / Г.В. Мельник // Бізнес-інформ. — 2013. — № 9. — С. 95-99.
Peter R. Stephenson A Formal Model for Information Risk Analysis Using Colored Petri Nets [Електронний ресурс]. — Режим доступу: URL: http://www.researchgate.net/publication/228909435_A_formal_model_for_information_risk_analysis_using_colored_petri_nets.
Matt Henry Coupled Petri Nets for Computer Network Risk Analysis (Application to Process Control Networks) [Електронний ресурс] / Matt Henry, Ryan Layer, David Zaret. — Режим доступу: URL: http:// www.sys.virginia.edu/risk/PDF%5CHENRY.pdf
Яхонтов И.В. Анализ моделей систем защиты информации на основе модифицированных сетей Петри / И.В. Яхонтов // Методы и системы защиты информации, информационная безопасность. — 2012. — №3. — С. 57-65.
Зайцев Д.А. Исследование эффективности технологии MPLS с помощью раскрашенных сетей Петри [Електронний ресурс] / Зайцев Д.А., Сакун А.Л. — Режим доступу: URL: http://teka. rulitm. ni/docs/2/1025/conv_l/filel.pdf
Downloads
Published
How to Cite
Issue
Section
License
The scientific journal "Information Security" adheres to the principles of open science and provides free, free and permanent access to all published materials. The goal of the policy is to increase the visibility, citation and impact of the results of scientific research in the field of information security. The journal works according to the principles of Open Access and does not charge a fee for access to published articles.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal “Information Security”:
-
retain the copyright to their publications;
-
grant the journal the right of first publication of the article;
-
agree to the distribution of their materials under the CC BY 4.0 license;
-
have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.
