Article

Article title MATHEMATICAL MODEL OF EVALUATION OF INFORMATION PROTECTION FROM UNAUTHORIZED ACCESS WHEN DESIGNING AUTOMATED SYSTEMS IN THE PROTECTED IMPLEMENTATION
Authors F. G. Khisamov, A. S. Zhuck, R. S. Sherstobitov
Section SECTION II. DESIGNING MANAGEMENT INFORMATION AND AUTOMATED SYSTEMS
Month, Year 09, 2017 @en
Index UDC 004.056
DOI
Abstract Thanks to modern achievements in computer and information technologies, automated systems, built on the basis of modern computer facilities in secure implementation, began to play an essential role in ensuring the country"s defense capability, production, scientific research and comprehensive development of the state. The research conducted by the authors shows that a number of contradictions have arisen during the design of automated system in secure implementation due to the lack of a scientific and methodical apparatus and a unified methodology for assessing the security of information in conditions of increasing information and technical impact. The purpose of the research is to increase the security of information in the design of automated system in secure implementation in the conditions of development of digital economy, global information space and growth of threats to information security. The task of the research is to develop quantitative indicators of information security that will allow us to assess and optimize the probability of damage from unauthorized access. As a result of the conducted researches, the authors obtained the probabilistic type security indicators that allow to calculate the upper and lower bounds of the probability of unauthorized access to the information and optimize the probability of damage with respect to the time of operation of the automated system, number and step implementation of threats to information security, information protection means used, given information security class. Within the framework of the solution of the task, the provisions of the theory of information protection, system analysis, methods of mathematical logic, probability theory and mathematical statistics have been used.

Download PDF

Keywords Automated system in secure execution; unauthorized access; information security threats.
References 1. Yazov Yu.K. Proektirovanie zashchishchennykh informatsionno-telekommunikatsionnykh sistem: ucheb. Posobie [The design of the protected information and telecommunication systems: a tutorial]. Voronezh: FGBOU VPO «Voronezhskiy gosudarstvennyy tekhnicheskiy universitet», 2014, 636 p.
2. Gerasimenko V.A. Zashchita informatsii v avtomatizirovannykh sistemakh obrabotki dan-nykh [. V 2-kh kn. – M.: Energoizdat, 1994. – 302 s.
3. Gerasimenko V.A. Zashchita informatsii v avtomatizirovannykh sistemakh obrabotki dannykh [Protection of information in automated data processing systems]. In 2 book. Moscow: Energoizdat, 1994, 302 p.
4. Zavgorodniy V.I. Kompleksnaya zashchita informatsii v komp'yuternykh sistemakh [Comprehensive protection of information in computer systems]. Moscow: Logos, PBOYuL Egorov N.A., 2001, 264 p.
5. Rossiyskaya gazeta. 02.06.2017 g. O chem rasskazal Vladimir Putin na plenarnom zasedanii PMEF. Elektronnyy document [Russian newspaper. 02.06.2017 what said Vladimir Putin at the plenary session of SPIEF. Electronic document]. Available at: https://rg.ru/2017/06/02/reg-szfo/o-chem-rasskazal-vladimir-putin-na-plenarnom-zasedanii-pmef.html.
6. Rossiyskaya gazeta. 15.02.2017 g. Sovbez: Chislo kiberatak na RF za 2016 god vyroslo vtroe. Elektronnyy dokument [Russian newspaper. 15.02.2017 g. security Council: Number of cyber attacks on Russia for 2016 has tripled. Electronic document]. Available at: https://rg.ru/2017/02/15/sovbez-chislo-kiberatak-na-rf-za-2016-god-vyroslo-vtroe.html.
7. GOST R 50922-2006. Natsional'nyy standart Rossiyskoy Federatsii. Zashchita informatsii. Osnovnye terminy i opredeleniya [National standard of the Russian Federation. Basic terms and definitions]. Moscow: Standartinform, 2008, 8 p.
8. Saati T. Prinyatie resheniy. Metod analiz ierarkhiy [Decision-making. Method the analysis of hierarchies]: translation from English. Moscow: Radio i svyaz', 1993, 278 c.
9. Eddous M., Stensfild R. Metody prinyatiya resheniya [The methods of decision making]: transl. from english. Moscow: Audit, YuNITI, 1997.
10. Korobov V.B. Sravnitel'nyy analiz metodov opredeleniya vesovykh koeffitsientov «vliyayushchikh faktorov» [Comparative analysis of methods for the determination of the weighting factors "influencing factors"], Sotsiologiya [Sociology], 2005, No. 20, pp. 12-20.
11. Larichev O.I. Teoriya i metody prinyatiya resheniy, a takzhe Khronika sobytiy v Volshebnykh stranakh: uchebnik [Theory and methods of decision-making, and also Chronicle of events in Magic countries: textbook]. 2nd ed. Moscow: Logos, 2002, 392 p.
12. Strategiya natsional'noy bezopasnosti, utverzhdena Ukazom Prezidenta Rossiyskoy Federatsii ot 31.12.2015 g. № 683 [National security strategy, approved by the decree of the President of the Russian Federation dated 31.12.2015, No. 683].
13. Doktrina informatsionnoy bezopasnosti RF, utverzhdena Ukazom Prezidenta Rossiyskoy Federatsii ot 05.12.2016 g. № 646 [The information security doctrine of the Russian Federation, approved by decree of the President of the Russian Federation from 05.12.2016, No. 646].
14. Gribunin V.G., Chudovskiy V.V. Kompleksnaya sistema zashchity informatsii na predpriyatii: ucheb. posobie [A complex system of information protection at the enterprise: textbook]. Moscow: ITs Akademiya, 2009, 416 p.
15. Problemy zashchity ot informatsionnogo oruzhiya v usloviyakh global'noy informatizatsii obshchestvennykh formatsiy [Problems of protection from information weapons in conditions of global Informatization of the social formations], Spetsial'naya svyaz' i bezopasnost' informatsii (SSBI-2012): Cb. trudov mezhdunarodnogo simpoziuma. NChOU VPO «Kubanskiy institut informzashchity» [Special communications and information security (SSBI-2012): proceedings of the international Symposium. NCHOU VPO "Kuban Institute InfoSec"]. Krasnodar: Ekoinvest, 2012, pp. 296.
16. Malyuk A.A., Pazizin S.V., Pogozhiy N.S. Vvedenie v zashchitu informatsii v avtomatizi-rovannykh sistemakh [Introduction to the protection of information in automated systems]. Moscow: Goryachaya liniya – Telekom, 2004, 147 p.
17. Novikov A.A., Ustinov G.N. Uyazvimost' i informatsionnaya bezopasnost' telekommunikatsionnykh tekhnologiy: ucheb. posobie dlya vuzov [Vulnerability and information security of telecommunication technologies: textbook for universities]. Moscow: Radio i svyaz', 2003, No. 6, pp. 46-48.
18. Positive Research 2016. Sbornik issledovaniy po prakticheskoy bezopasnosti. Elektronnyy document [Positive Research 2016. A collection of studies on practical security. Electronic documen]. Available at: www.ptsecurity.com/upload/ptru/analytics/Positive-Research-2016-rus.pdf/.
19. Domarev V.V. Bezopasnost' informatsionnykh tekhnologiy. Metodologiya sozdaniya sistem zashchity [Security of information technologies. Methodology of creation of systems of protection]. Kiev: DiaSoft, 2002, 688 p.
20. Shcheglov A.Yu. Zashchita komp'yuternoy informatsii ot nesanktsionirovannogo dostupa [Protection of computer information from unauthorized access]. Moscow: Nauka i tekhnika, 2004, 384 p.

Comments are closed.