Risk analysis of the impact of malicious software on data security in modern cyberspace

Authors

  • Юрій Вікторович Копитін Regional information-analytical center of the Odessa Regional Council 4 Shevchenko avenue, Odessa, Ukraine, 65032, Ukraine

DOI:

https://doi.org/10.15587/1729-4061.2013.12356

Keywords:

Risk, data security, cyberspace, scumware, vulnerability, threat, protection means

Abstract

Despite the considerable amount of works dedicated to the issue of distribution of scumware, there is no risk-oriented research on the harmful effects of the scumware on the cyberspace. The article demonstrates the process of construction of a system of protection against the scumware, based on the mechanisms of information security risks control. The suggested variant of protection from the scumware will improve the level of data protection at the global level by coordinating the efforts of government and private sector. The conducted analysis of risks of impact of scumware on data security in the modern cyberspace showed that this threat is one of the most dangerous and can easily paralyze the work of all computers that have access to the Internet. Usage of the developed graphical model and the implementation of measures against the scumware will allow organizations to understand the scale of the problem and choose the best solution to ensure the protection of confidentiality, integrity and availability of electronic information

Author Biography

Юрій Вікторович Копитін, Regional information-analytical center of the Odessa Regional Council 4 Shevchenko avenue, Odessa, Ukraine, 65032

Deputy chief of information security department

References

  1. ITU-T X.1055. Risk management and risk profile guidelines for telecommunication organizations [Текст]. – Введ. 2008-11-13. – Женева, 2008 . – 22 с.
  2. McAfee Threats Report: Second Quarter 2011 [Електронний ресурс]. – Режим доступу: www/ URL: http://www.mcafee.com/au/resources/reports/rp-quarterly-threat-q2-2011.pdf - 2011 р.
  3. NIST Special Publication 800-83. Guide to Malware Incident Prevention and Handling [Текст]. – Gaithersburg, 2005 . – 101 с.
  4. G-Data Malware Report. Half-yearly report January [Електронний ресурс]. – Режим доступу: www/ URL:
  5. http://www.gdatasoftware.com/uploads/media/G_Data_MalwareReport_H1_2011_EN.pdf - 2011 р.
  6. Сделать онлайновый мир безопаснее [Електронний ресурс]. – Режим доступу: www/ URL: https://itunews.itu.int/Ru/Note.aspx?Note=1484 – 2011 . – Загол. з екрану.
  7. Современная антивирусная индустрия и её проблемы [Електронний ресурс]. – Режим доступу: www/ URL: http://www.securelist.com/ru/analysis?pubid=174261388– 2011 . – Загол. з екрану.
  8. Malware risks and mitigation report [Електронний ресурс]. – Режим доступу: www/ URL: http://www.nist.gov/itl/upload/BITS-Malware-Report-Jun2011.pdf - 2011 р.
  9. Убытки от киберпреступности в мире ежегодно составляют 114 миллиардов долларов [Електронний ресурс]. – Режим доступу: www/ URL: http://www.e-moneynews.ru/ubytki-ot-kiberprestupnosti-114-milliardov - 23.09.2011 р. – Загол. з екрану.
  10. Zero-day эксплойт [Електронний ресурс]. – Режим доступу: www/ URL: http://www.securelist.com/ru/glossary?glossid=152528354. – Загол. з екрану.
  11. Классификация детектируемых объектов [Електронний ресурс]. – Режим доступу: www/ URL: http://www.securelist.com/ru/threats/detect?chapter=32 . – Загол. з екрану.
  12. Монахов, Ю.М. Вредоносные программы в компьютерных сетях : учеб. пособие / Ю.М. Монахов, Л.М. Груздева, М.Ю. Монахов ; Владим. гос. ун-т. – Владимир : Изд-во Владим. гос. ун-та, 2010. – 72 с. (Комплексная защита объектов информатизации. Кн. 19). – ISBN 978-5-9984-0087-2.
  13. The 2011 (ISC)2 Global Information Security Workforce Study [Електронний ресурс]. – Режим доступу: www/ URL: https://www.isc2.org/uploadedFiles/Landing_Pages/NO_form/2011GISWS.pdf - 2011 р.
  14. QUESTION 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity [Електронний ресурс] / International Telecommunication Union. – Режим доступу: www/ URL: http://www.itu.int/dms_pub/itu-d/opb/stg/D-STG-SG01.22-2010-PDF-E.pdf - 2010 р.
  15. ISO/IEC 27005:2011. Information technology - Security techniques - Information security risk management (second edition) [Текст]. – Введ. 2011-05-19. – Женева, 2011. – 68 с.
  16. ITU-T X.1207. Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software [Текст]. – Введ. 2008-04-18. – Женева, 2008 . – 20 с.
  17. Cameron H. Malin Malware Forensics: Investigating and Analyzing Malicious Code [Текст]:/ Cameron H. Malin, Eoghan Casey, James M. Aquilina. – 1 edition. – Waltham: Syngress, 2008. – 592 с.
  18. ITU-T. (2008) ITU-T X.1055. Risk management and risk profile guidelines for telecommunication organizations. Geneva.
  19. McAfee. (2011) McAfee Threats Report: Second Quarter 2011. Retrieved from http://www.mcafee.com/au/resources/reports/rp-quarterly-threat-q2-2011.pdf.
  20. Peter Mell (2005) NIST Special Publication 800-83. Guide to Malware Incident Prevention and Handling. Retrieved from http://csrc.nist.gov/publications/
  21. nistpubs/800-83/SP800-83.pdf.
  22. G-Data. (2011) G-Data Malware Report. Half-yearly report January. Retrieved from http://www.gdatasoftware.com/uploads/media/G_Data_MalwareReport_H1_
  23. _EN.pdf
  24. ITUNews. (2011) Make the online world safer. ITUNews. Retrieved from https://itunews.itu.int/Ru/Note.aspx?Note=1484
  25. E. Kaspersky (2011, November 21) Existing antivirus industry and its problems. Retrieved from http://www.securelist.com/ru/analysis?pubid=174261388.
  26. BITS. (2011) Malware risks and mitigation report. Retrieved from http://www.nist.gov/itl/upload/BITS-Malware-Report-Jun2011.pdf - 2011 р.
  27. E-Money News (2011, September 23) Losses from cybercrime in the world each year is 114 billion dollars. E-Money News. Retrieved from http://www.e-moneynews.ru/ubytki-ot-kiberprestupnosti-114-milliardov.
  28. Zero-day exploit (n.d.) Retrieved February 20, 2013, from http://www.securelist.com/ru/glossary?glossid=152528354.
  29. Securelist (n.d.) Classification of detected objects. Retrieved February 20, 2013, from http://www.securelist.com/ru/threats/detect?chapter=32.
  30. Monakhov Y.M. (2010) Malware in computer networks: A guide. Vladimir.
  31. (ISC)2. (2011) The 2011 (ISC)2 Global Information Security Workforce Study. Retrieved from https://www.isc2.org/uploadedFiles/Landing_Pages/NO_form/
  32. GISWS.pdf
  33. ITU. (2010) QUESTION 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity. Retrieved from http://www.itu.int/dms_pub/itu-d/opb/stg/D-STG-SG01.22-2010-PDF-E.pdf.
  34. ISO/IEC. (2011) ISO/IEC 27005:2011. Information technology - Security techniques - Information security risk management (second edition). Geneva, 1-68.
  35. ITU. (2008) ITU-T X.1207. Guidelines for telecommunication service providers for addressing the risk of spyware and potentially unwanted software. Geneva, 1-20.
  36. Cameron H. Malin (2008) Malware Forensics: Investigating and Analyzing Malicious Code. Waltham: Syngress.

Downloads

Published

2013-04-25

How to Cite

Копитін, Ю. В. (2013). Risk analysis of the impact of malicious software on data security in modern cyberspace. Eastern-European Journal of Enterprise Technologies, 2(2(62), 45–51. https://doi.org/10.15587/1729-4061.2013.12356

Issue

Vol. 2 No. 2(62) (2013): Information technology

Section

Information technology

License

Copyright (c) 2014 Юрій Вікторович Копитін

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.