350 rub
Journal Science Intensive Technologies №3 for 2017 г.
Article in number:
Disclosure risk model in information networks
Authors:
V.V. Knyazev - Post-graduate Student, Expert on the Interaction with the Structures of the ETC, JSC «Concern «Morinsys-Agat» (Moscow) E-mail: bosfor15@ya.ru A.A. Borisov - Ph. D. (Eng.), Leading Specialist, JSC «Concern «Morinsys-Agat» (Moscow) E-mail: alexanderxxx@inbox.ru
Abstract:
Ensuring the confidentiality in the information and telecommunication networks is a complex task, that requires keeping in mind a whole variety of factors. The classical way, based on the differentiation of channels of information and restricted access rights, does not provide an adequate protection against attacks caused by human factor, including those, made by using social engineering techniques, or by negligence. Particular attention is usually paid to protection against internal attacks at military-industrial enterprises, that need to be provided by all the modern tools of communication, including intranetworks, e-mail, mobile media - and all of these has to be done while following the strict requirements to ensure both commercial and state secrets. Modern means of information leaks protection do not provide effective tools of detecting attacks, and even more their forecasting ca-pabilities, providing only the basic functions of collection, storage and search for keywords and signatures. The algorithms providing analysis of the accumulated information, do not meet the required level of assessment of the attack cir-cumstances, which in practice leads to multiple false positives and inefficient use of security resources. The proposed risk assessment methodology is designed to provide privacy violations, multivariate analysis of the attack circumstances, as well as on the basis of re-trospective statistical risk assessment changes the dynamics of their forecasting.
Pages: 51-56
References

 

  1. SHangin V.F. Zashhita informacii v kompjuternykh sistemakh i setjakh. M: DMK Press. 2012. 592 s.
  2. Brehgg R., Rods-Ousli M., Strassberg K. Bezopasnost setejj. Polnoe rukovodstvo. M: EHkom. 2006. 912 s.
  3. Rick Dove Self-Organizing Resilient Network Sensing (SornS) with Very Large Scale Anomaly Detection // IEEE International Conference «Technologies for Homeland Security» (HST). 2011. P. 287−294.
  4. Brian M. Bowen, Ramaswamy Devarajan, Salvatore Stolfo Mesuring the Human Factor of Cyber Security // IEEE International Conference «Technologies for Homeland Security» (HST). 2011. P. 230−235.
  5. Snou D. PSYCHO: Socialnyjj inzhener - vsem khakeram primer! Praktikum po socialnojj inzhenerii // KHaker. 2010. № 7. S. 134−139.
  6. Kovalenko A.P., Belov E.B. Koncepcija podgotovki kadrov v oblasti obespechenija informacionnojj bezopasnosti (problemy, analiz, podkhody) // Sb. statejj «Nauchnye i metodologicheskie problemy informacionnojj bezopasnosti» / Pod red. V.P. SHerstjuka. M: MCNMO. 2004. S. 117−131.
  7. Karlov D.N. Intellektualnaja mnogokonturnaja sistema podderzhki prinjatija reshenijj analitika. Dis. - kand. tekhn. nauk. Krasnodar: KubGTU. 2011. 131 s.