Analysis of corporate information systems vulnerability

Authors

  • Дмитро Борисович Мехед Chernihiv National University of Technology
  • Юлія Миколаївна Ткач Chernihiv National University of Technology
  • Володимир Маркович Базилевич Chernihiv National University of Technology
  • Володимир Іванович Гур’єв Chernihiv National University of Technology
  • Ярослав Юрійович Усов Chernihiv National University of Technology

DOI:

https://doi.org/10.18372/2410-7840.20.12453

Keywords:

corporate information systems, computer networks, threats of information security, information protection

Abstract

For today, wireless corporate information systems are an integral part of the competitive functioning of a modern enterprise. Ease of use, almost unlimited functionality, not high cost system scan - these are the main advantages of this type of systems. Corporate information systems of large companies regularly undergo changes - the hardware configuration is updated, the network topology changes, new nodes and system targets are emerging. For most cor-porations with distributed infrastructure, the process of continuous provision of comprehensive protection of in-formation assets becomes a daunting task due to the high complexity of architecture and a large number of intercon-nections within individual subsystems. According to the re-sults of analytical studies of leading companies that deal with information security of enterprises in recent years, the tendency to increase the overall level of security of the net-work perimeter of corporate information systems. On av-erage, in 27% of cases, professionals can not overcome the network perimeter and access the resources of the internal local area network. Since enterprise confidential infor-mation (e-mail, account passwords, server access details, hash data user accounts, and other information that is not publicly accessible) is the goal for many cybercriminals, these technologies are often become a subject of attacks. Thus, the problem of identifying and analyzing vulnerabil-ities in information security in corporate information sys-tems is relevant to date. In conducting the analysis we re-lied on the study of foreign scientists and practitioners en-gaged in the study of threats and the development of their prevention systems. The study of this issue enables to iden-tify and classify possible threats and modernize existing or develop new effective methods and measures of infor-mation security

Author Biographies

Дмитро Борисович Мехед, Chernihiv National University of Technology

PhD, associate professor of the department of cybersecurity and mathematical simulation, Chernihiv National University of Technology

Юлія Миколаївна Ткач, Chernihiv National University of Technology

PhD, associate professor, head of the department of cybersecurity and mathematical simulation, Chernihiv National University of Technology

Володимир Маркович Базилевич, Chernihiv National University of Technology

PhD, associate professor of the department of cybersecurity and mathematical simulation, Chernihiv National University of Technology

Володимир Іванович Гур’єв, Chernihiv National University of Technology

PhD, professor of the department of cybersecurity and mathematical simulation, Chernihiv National University of Technology

Ярослав Юрійович Усов, Chernihiv National University of Technology

assistant of the Department of Information and Computer Systems, Chernihiv National University of Technology

References

Е. Фролов, "Современные концепции управления в производственной логистике, MES для дискре-тного производства — метод вычисляемых прио-ритетов", САПР и графика, № 1, С. 71-75, 2011.

В. Базилевич, "Аналіз методів захисту від кіберза-гроз в бездротових мережах стандарту IEEE 802.11", Захист інформації, №3, С. 222-227, 2017.

Концепція технічного захисту інформації в галузі зв’язку України. [Електронний ресурс]. Режим доступу: http://zakon5.rada.gov.ua/laws/show/1126-97-%D0%BF

А. Корченко, Е. Иванченко, С. Казмирчук, "Ана-лиз и определение понятия риска для его интер-претации в области информационной безопас-ности", Защита информации, №3, 2010.

О. Корченко, Системи захисту інформації , моногра-фія, К.: НАУ, 2004, 264 с.

Практическая атака на беспроводную сеть с WEP шифрованием [Електронний ресурс]. Режим дос-тупу: http://habrahabr.ru/post/92681/

IBM 2015 Cyber Security Intelligence Index [Елект-ронний ресурс]. Режим доступу: http://public.dhe. ibm.com/common/ssi/ecm/se/en/sew03073usen/SEW03073USEN.PDF

Актуальные киберугрозы: III квартал 2017 года [Електронний ресурс]. Режим доступу до ресурсу: https://www.ptsecurity.com/ru-ru/research/analytics/

Downloads

Published

2018-03-27

Issue

Vol. 20 No. 1 (2018)

Section

Articles

License

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).