Radiotekhnika
Publishing house Radiotekhnika



Tel.: +7 (495) 625-9241

 

Approach to the assessment of information system security, based on the analysis of incidents

DOI 10.18127/j20729472-201804-08

Keywords:

A.Yu. Ermakova – Senior Lecturer, RTU MIREA (Moscow)
E-mail: a.alla1105@mail.ru


The paper considers an approach to assessing the security level of an information system (IS) based on analysis of its incidents, construction of a predictive model of their further behavior, and subsequent evaluation of the safe operation time of the information system. Previously, the author proposed a method for constructing a predictive model of state changes in a dynamic system whose states are given as tabulated values (nodal points). The method is based on constructing a continuous "approximation" of the function that is most distant from the nodal points and subsequently calculating, on its basis, forecast values of the system state. In this paper, the method is used to build a predictive model of the occurrence of incidents in the IS that lead to a violation of its security. It is then shown how the safe operation time of the IS can be calculated from the constructed predictive function. Examples of this approach are given on the basis of Kaspersky Lab incident data. Directions for further development of the approach are noted.

