MODELS FOR ASSESSMENT OF RESIDUAL RISK IN INFORMATION SYSTEM
DOI:
https://doi.org/10.18372/2410-7840.24.16932
Keywords:
cyber security, information systems, cyber-attacks, security of resources, ensuring cyber security
Abstract
To ensure the basic security characteristics of information system resources by preventing unauthorized users from accessing information and disclosing its content, it is necessary to use means (hardware or software) of access administration, physical access control, protection against information leaks through technical channels, cryptographic transformation (for encryption and decryption of closed information, as well as means of generation and distribution of keys), security signaling, organizational access restriction, etc. In this work, models of the process of interaction of means of cyber-attacks with means of cyber protection were developed to ensure the basic security characteristics of information system resources. Owing to the amount of residual risk and variation in the mode of operation or unauthorized use of means of storage of information carriers ration and thereby violating its integrity, accessibility and confidentiality, these models make it possible to provide a quantitative and qualitative assessment of the state of cyber security. A model of the process of the interaction of protection means is also presented. By using the model of the interaction of means of cyber-attacks with means of cyber protection, decomposing the basic security characteristics of information system resources, and taking into account the relevant indicators of those characteristics in the process of cyber protection of information system resources, it makes it possible to increase the accuracy of the dynamic assessment of the dependence of efficiency on the intensity of the effects of cyber-attacks. The proposed cyber protection models make it possible to block cyber-attacks in information systems even before they start to act on the system. In this way, cyber defense can use its resources more effectively, because it does not need to respond to every warning, since there can also be false warnings.
The considered models make it possible to propose expressions for assessing the residual risk when protecting the basic security characteristics of resources, in the form of probabilities of their violation, and to form the conditions for the transition of the protected resource to the mode of artificial failure.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).