Advertisement

Complex Evaluation of Information Security of an Object with the Application of a Mathematical Model for Calculation of Risk Indicators

  • A. L. Marukhlenko
  • A. V. PlugatarevEmail author
  • D. O. Bobyntsev
Conference paper
  • 66 Downloads
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 641)

Abstract

In modern information systems designing, great attention is paid to information security issues, and therefore minimizing the risk of unauthorized access and failure of individual elements of the computer network, which characterizes the possible danger of an unfavorable outcome, a combination of the likelihood and consequences of an event, both from the attacker and the work of the information system elements. In this regard, the problem of building an appropriate mathematical model for calculating risk is relevant. The need to evaluate indicators is dictated by the statistics of cases of unauthorized access, failure of system elements and the consequences of reducing the level of information security. Thus, the problem of a calculation option search, which takes into account a complex of factors that are not tied to a specific subject area and allows considering the frequency of occurrence of abnormal situations and the relative probabilities of adverse events is considered. A version of the risk calculation indicators of the information system is considered, shortcomings in the design of the computing environment and the allocation of information environment vulnerabilities are highlighted, a mathematical model is developed for a comprehensive assessment of the object’s information security. The main idea is to analyze vulnerabilities, the degree of performance indicators variability in relation to the variation of environmental input parameters.

Keywords

Information security Risk analysis Unauthorized access Comprehensive evaluation 

References

  1. 1.
    Marukhlenko, A.L., Mirzakhanov, P.S.: Program complex for modeling of the process of transferring and processing of network flows of data. News of the Southwest State University. Series: management, computer equipment, informatics. Med. Instrum. 2–3, 175–180 (2012)Google Scholar
  2. 2.
    Tanygin, M.O., Marukhlenko, A.L., Marukhlenko, L.O., et al.: Technology and software implementation of a software module for localizing potentially dangerous objects on a graphic substrate using neural networks. In: Infocommunications and Space Technologies: Status, Problems and Solutions. The Collection of Scientific Articles Based on the Materials of the II All-Russian Scientific and Practical Conference, pp. 23–28 (2018)Google Scholar
  3. 3.
    Efremov, M.A., Kalutskii, I.V., Tanygin, M.O., et al.: Personal data security, social networks and commercials in the Internet. News of the Southwest State University. Series: management, computer equipment, informatics. Med. Instrum. 7(1), 27–33 (2017)Google Scholar
  4. 4.
    Tanygin, M.O., Marukhlenko, A.L., Marukhlenko, L.O., et al.: Analysis of potential vulnerabilities and modern methods of protecting multi-user resources. In: Infocommunications and Space Technologies: State, Problems and Solutions. The Collection of Scientific Articles Based on the Materials of the II All-Russian Scientific and Practical Conference, pp. 136–140 (2018)Google Scholar
  5. 5.
    Lepina, N.V., Tanygin, M.O., Kalutskii, I.V.: About features of providing of information security of information computing systems of universities compilation: Infocommunications and information security: state, problems and solutions. In: Materials of the II International Scientific Conference, pp. 246–249 (2015)Google Scholar
  6. 6.
    Dobritsa, V.P., Lipunov, A.A., Savenkova, E.S.: System of access control and management in complex of information security systems. News of SWSU. Series: management, computer equipment, informatics. Med. Instrum. 2(2), 87–90 (2012)Google Scholar
  7. 7.
    Agapov, A.A., Khlobystova, I.O., Marukhlenko, S.L., et al.: Hardware and software system “toxi + meteo” for assessing the consequences of possible accidents taking into account data on current weather conditions. Labor safety in industry, pp. 22–25 (2011)Google Scholar
  8. 8.
    Degtyarev, S.V., Marukhlenko, A.L., Marukhlenko, S.L.: Program model for automation of calculation of the risk of technological accidents. Inf.-Measur. Manag. Syst. 8(11), 35–39 (2010)Google Scholar
  9. 9.
    Potapenko, A.M., Marukhlenko, A.L., Konarev, D.I., et al.: Personalized system of information search with the function of topic definition and meaning values analysis. In: Compilation: Infocommunications and Information Security: State, Problems and Solutions. Materials of the II International Scientific Conference, pp. 181–187 (2015)Google Scholar
  10. 10.
    Harper, A., Regalado, D., Linn, R., et al.: Gray Hat Hacking: The Ethical Hacker’s Handbook. McGraw-Hill Education, New York (2018)Google Scholar
  11. 11.
    Lisanov, M.V.: Errors of rationing of quantitative criteria of a tolerable risk. Methods Conform. Assess 9, 41–43 (2009)Google Scholar
  12. 12.
    Tanygin, M.O.: A proposal for forming of threat model for telecommunication systems. In: Compilation: Optoelectronic Equipment and Devices in the Systems of Image Recognition, Image Processing and Symbol Information, pp. 341–343 (2017)Google Scholar
  13. 13.
    Marukhlenko, A.L., Marukhlenko, S.L.: Mathematical model of a system approach for evaluation of risk of technological accidents. News of SWSU. Series: management, computer equipment, informatics. Med. Instrum. 2, 60–64 (2013)Google Scholar
  14. 14.
    Marukhlenko, S.L., Degtaryov, S.V.: System analysis in solving the tasks of risk analysis. News of SWSU. Series: management, computer equipment, informatics. Med. Instrum. 2, 33–37 (2012)Google Scholar
  15. 15.
    Khalin, Yu.A., Marukhlenko, A.L., Marukhlenko, L.O.: Development of secure corporate systems based on client-server technology. SWSU, Kursk (2018)Google Scholar
  16. 16.
    Marukhlenko, L.O., Marukhlenko, A.L., Kerimbaeva, K.M., et al.: Variant of ensuring information security by increasing the fault tolerance of the hardware firewall. In: Infocommunications and Space Technologies: State, Problems and Solutions. The Collection of Scientific Articles Based on the Materials of the II All-Russian Scientific and Practical Conference, pp. 10–14 (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • A. L. Marukhlenko
    • 1
  • A. V. Plugatarev
    • 1
    Email author
  • D. O. Bobyntsev
    • 1
  1. 1.Southwest State UniversityKurskRussian Federation

Personalised recommendations