Article

Article title THE SOFTWARE TOOL FOR THE ESTIMATION OF INFORMATION SECURITY RISK OPERATIONAL VALUE IN THE CLOUD COMPUTING SYSTEM
Authors A.U. Sentsova, I.V. Mashkina
Section SECTION I. INFORMATION SECURITY RISKS MANAGEMENT
Month, Year 08, 2014
Index UDC 004.056.5
DOI
Abstract This article describes a software tool, based on an artificial neural network (ANN), for estimating the operational value of information security risk in a cloud computing system. A cloud computing system is an information system in which client and vendor interact. An algorithm block diagram of the software tool is proposed, and the module for entering the training sample data set for the artificial neural network, the ANN training module and the module for obtaining an assessment of the information risk level are developed. The results of testing the software tool are shown. The proposed solutions make it possible to analyze the real identified threats and to obtain an assessment of the information security risk level in the cloud computing system for the worst case, when all possible threat sources become active simultaneously. The assessment of the operational information security risk level obtained with the software tool may be used during an information security expert audit, on the basis of objective data from event sensors on the current state of cloud computing system security.


Keywords Information security risk operational value; cloud computing system; assessment of information security risk; expert audit; artificial neural network; multilayered perceptron; backpropagation algorithm.
