Radiotekhnika
Publishing house Radiotekhnika

Justification and selection of the universal and normalized indicator of the cybersecurity

DOI 10.18127/j19998465-201811-02

Keywords:

E.A. Voronin – Dr.Sc.(Eng.), Professor, Leading Research Scientist, FRC «Computer Science and Control» of RAS (Moscow)
E-mail: e.voronin1@gmail.com
D.N. Zakharov – Ph.D.(Eng.), Associate Professor, Moscow University of the Ministry of Interior of Russian Federation named after V.Y. Kikot
E-mail: zaharov.dmitrii@gmail.com
Nguyen Quang Thuong – Dr.Sc.(Eng.), Professor, State University of Management (Moscow)
E-mail: tikhonovrus@gmail.com


The paper proposes a universal, normalized criterion for assessing the cybersecurity of measures and systems for various purposes and a method of its calculation based on probabilistic parameters obtained by analyzing vulnerabilities using known tools and the results of statistical analysis of observations of types and probabilities of attacks.
The paper describes the external effects of cyber-attacks with the corresponding probabilities of observing different types of attacks on the digital system.
The problem of risk and vulnerability scoring for software is considered.
The significance of the vulnerability is assessed using standard metrics and probabilistic assessment of the implementation of this vulnerability for a typical software configuration of the protected system.
The applicability of this criterion is modeled for the «Attack on the web server» scenario, and the security criterion is calculated.
The conditions of the experiment are determined, and the experiment is carried out on four attack vectors.
According to the obtained data, the degree of protection of the experimental system from the given attack vectors is estimated.

