Development of a methodology for building an information security system in the corporate research and education system in the context of university autonomy

DOI:

https://doi.org/10.15587/1729-4061.2019.169527

Keywords:

corporate research and education system, security threat classifier, information security system.

Abstract

The development of computing tools and corporate network technologies has expanded the range of educational and information services in corporate research and education networks (CRES). CRES belong to critical cybernetic information systems (CCIS) built on open network models. In the early 1980s, this approach did not consider the need to build a security system, which is why it cannot provide the required level of protection against modern hybrid threats. The transition to autonomy in decision-making, education and university management all over the world places requirements on ensuring the required quality of service (QoS) for CRES clients. CRES users include university administration, faculty, students and support personnel of educational services in higher education institutions. One of the main criteria for QoS is information security. However, there is no general approach to building integrated information security in CRES that would provide the required level of security.

The methodology is based on the concept of synthesizing a synergistic model of threats to CCIS, improved models of the CRES infrastructure and of an intruder, an assessment of the current state of information security (IS), and an improved method of investment in CRES IS. It is shown that the basis of the synergistic model is a three-level model of strategic security management, which provides a synergistic effect in the context of simultaneous threats to information security, cybersecurity and security of information. In contrast to known approaches, this approach provides for the determination of qualitatively new and previously unknown emergent properties of the information security system, taking into account the means used to create it. Applying the methodology in practice, through the development and implementation of new solutions for providing security services, allows the required level of information security in CRES to be achieved. The proposed information security service mechanisms are built on hybrid cryptosystems based on crypto-code structures with flawed codes.

Author Biographies

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

Doctor of Technical Sciences, Senior Researcher

Department of Cyber Security and Information Technology

Volodymyr Aleksiyev, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

Doctor of Technical Sciences, Professor

Department of Cyber Security and Information Technology

Svitlana Balakireva, Ivan Kozhedub Kharkiv National Air Force University Sumska str., 77/79, Kharkiv, Ukraine, 61023

PhD

Air Force Science Center

Yevhen Peleshok, Institute of Special Communication and Information Protection National Technical University of Ukraine "Igor Sikorsky Kiev Polytechnic Institute" Verkhnokliuchova str., 4, Kyiv, Ukraine, 03056

PhD, Deputy Head of the Research Center

Oleksandr Milov, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Cyber Security and Information Technology

Oleksii Petrov, Ivan Kozhedub Kharkiv National Air Force University Sumska str., 77/79, Kharkiv, Ukraine, 61023

PhD

Department of ACS Mathematical and Software Support

Olena Rayevnyeva, Simon Kuznets Kharkiv National University of Economics Nauky ave., 9-А, Kharkiv, Ukraine, 61166

Doctor of Economic Sciences, Professor

Department of Economy Theory, Statistics and Forecasting

Bogdan Tomashevsky, Ternopil Ivan Puluj National Technical University Ruska str., 56, Ternopil, Ukraine, 46001

PhD, Associate Professor

Department of Cyber Security

Ivan Tyshyk, Lviv Polytechnic National University S. Bandery str., 12, Lviv, Ukraine, 79013

PhD

Department of Information Security

Olexander Shmatko, National Technical University “Kharkiv Polytechnic Institute” Kyrpychova str., 2, Kharkiv, Ukraine, 61002

PhD, Associate Professor

Department of Software Engineering and Information Technology Management

Published

2019-06-05

How to Cite

Yevseiev, S., Aleksiyev, V., Balakireva, S., Peleshok, Y., Milov, O., Petrov, O., Rayevnyeva, O., Tomashevsky, B., Tyshyk, I., & Shmatko, O. (2019). Development of a methodology for building an information security system in the corporate research and education system in the context of university autonomy. Eastern-European Journal of Enterprise Technologies, 3(9 (99)), 49–63. https://doi.org/10.15587/1729-4061.2019.169527

Section

Information and controlling system