Development of models of information security threats for evaluation of damage to assets

DOI:

https://doi.org/10.15587/2312-8372.2015.47183

Keywords:

asset, threat, Coras methodology, fuzzy knowledge base, linguistic variables

Abstract

Analysis of information security risks is an important part of the design of information security systems. To date, the process of analyzing information security risks is reduced to the actions of the developers, based on personal experience. Analysis tools exist that build assessments and conclusions in terms of probability theory.

The work is dedicated to the development of systems that formalize and use the experience of professional designers and managers and that, when assessing assets and risks, apply qualitative assessments, which are closer to system participants and asset owners. Achieving this goal requires a multi-step process by which a formalized model of risk analysis is constructed using the Coras methodology.

Models are proposed that describe the behavior of the information system when information security threat scenarios are realized. Fuzzy linguistic assessment is used to describe the values of the parameters.

Petri-Markov nets are used to describe the scenarios. The Coras methodology is used to describe the entire process of asset valuation. Together, these yield a model describing the effect of the threat scenarios on the assessment of the system's assets.

The developed model makes it possible to use natural assessments of the risks and threats that could reduce the value of the assets of the information system. The basis for this approach is the use of fuzzy linguistic terms as parameters describing the features of the system.

Author Biographies

Владимир Олегович Шапорин, Odessa National Polytechnic University, Av. Shevchenko, 1, Odessa, Ukraine, 65044

Senior Lecturer

Department of computer intellectual systems and networks

Ольга Евгеньевна Плачинда, Odessa National Polytechnic University, Av. Shevchenko, 1, Odessa, Ukraine, 65044

Candidate of Technical Sciences, Associate Professor

Department of oil and gas and chemical engineering

Published

2015-07-23

How to Cite

Шапорин, В. О., & Плачинда, О. Е. (2015). Development of models of information security threats for evaluation of damage to assets. Technology Audit and Production Reserves, 4(2(24)), 10–15. https://doi.org/10.15587/2312-8372.2015.47183

Section

Information Technologies: Original Research