Using graphs to identify asset security compromises

Cover Page

Cite item

Full Text

Open Access Open Access
Restricted Access Access granted
Restricted Access Subscription or Fee Access

Abstract

Due to the ever-expanding threat landscape, the problem of timely identification of information security risks, their assessment, and, as a result, management of these risks remains urgent. The main components of all quantitative risk assessments are the frequency, or probability, of the realization of a risky event, and the amount of losses from the realization of the threat. The purpose of the work is to increase the accuracy in quantifying information security risks, develop a theoretical model that takes into account all the relationships between assets in the company’s information environment, and compile an effective set of risk management measures. To formalize the company’s information security risk assessment model, a set of security breach conditions for the company’s information environment was identified, consisting of elements characterizing the possible results of threat implementation for each asset. As a result of the development of the model, the relationship of assets and the versatility of threat scenarios are shown.

Full Text

Restricted Access

About the authors

Natalia V. Grineva

Financial University under the Government of the Russian Federation

Author for correspondence.
Email: ngrineva@fa.ru
ORCID iD: 0000-0001-7647-5967

Cand. Sci. (Econ.), Associate Professor; associate professor, Department of Information Technology

Russian Federation, Moscow

References

  1. Ageev S.A., Saenko I.B. Method of intelligent multi-agent information security risk management in secure multiservice networks for special purposes. T-Comm: Telecommunications and Transport. 2015. Vol. 9. No. 1. Pp. 5–10. (In Rus.). EDN: TILBWN.
  2. Volkov Yu.V., Samokhin D.S. Method for determining the type and parameters of distributions of random variablesrank according to operational data from nuclear power facilities. Izvestiya vuzov. Nuclear Energy. 2007. No. 4. Pp. 15–23. (In Rus.). EDN: JUEFIN.
  3. Vorontsov K.V., Sukhareva A.V. Construction of a complete set of topics of probabilistic thematic models. Intelligent Systems. Theory and Applications. 2019. Vol. 23. No. 4. Pp. 7–23. (In Rus.). EDN: CWOGHS.
  4. Goncharenko V.A. Modeling and evaluation of the characteristics of random streams of events in computer networks with parametric uncertainty. Proceedings of the A.F. Mozhaisky VKA. 2015. Issue 649. Pp. 16–22. (In Rus.). EDN: VLCXNJ.
  5. Grineva N.V., Mikhailova S.S., Vilkul A.A. Comparative analysis of clustering methods for graph data. Neurocomputers: Development, Application. 2023. Vol. 25. No. 4. Pp. 32–44. (In Rus.). doi: 10.18127/j19998554-202304-05. EDN: IDYWPI.
  6. Grineva N.V., Semenova P.A. Application of spectral methods for recognizing the structure of communities in complex networks. Bulletin of the Voronezh State University. Series: System Analysis and Information Technology. 2023. No. 3. Pp. 75–83. (In Rus.). doi: 10.17308/sait/1995-5499/2023/3/75-83. EDN: HFLBXC.

Supplementary files

Supplementary Files
Action
1. JATS XML
Download
2. Fig. 1. The relationship between assets in the information environment of the company

Download (158KB)
Indexing metadata
3. Fig. 2. An example of a retailer’s infrastructure model

Download (240KB)
Indexing metadata
4. Fig. 3. The main scenarios for the development of attacks and the implementation of threats to information security

Download (145KB)
Indexing metadata
5. Fig. 4. The graph of the logistic function

Download (175KB)
Indexing metadata
6. Fig. 5. Scenarios for the implementation of natural and man-made threats

Download (86KB)
Indexing metadata
7. Fig. 6. Scenarios for the implementation of threats related to intruders leading to data leakage

Download (82KB)
Indexing metadata