Using graphs to identify asset security compromises

Abstract

Due to the ever-expanding threat landscape, the problem of timely identification of information security risks, their assessment, and, as a result, management of these risks remains urgent. The main components of all quantitative risk assessments are the frequency, or probability, of the realization of a risky event, and the amount of losses from the realization of the threat. The purpose of the work is to increase the accuracy in quantifying information security risks, develop a theoretical model that takes into account all the relationships between assets in the company’s information environment, and compile an effective set of risk management measures. To formalize the company’s information security risk assessment model, a set of security breach conditions for the company’s information environment was identified, consisting of elements characterizing the possible results of threat implementation for each asset. As a result of the development of the model, the relationship of assets and the versatility of threat scenarios are shown.

About the authors

Natalia Grineva

Financial University under the Government of the Russian Federation

Corresponding author.
Email: ngrineva@fa.ru
ORCID iD: 0000-0001-7647-5967

Cand. Sci. (Econ.), Associate Professor; associate professor, Department of Information Technology

Russia, Moscow

Supplementary files

Fig. 1. The relationship between assets in the information environment of the company

Fig. 2. An example of a retailer’s infrastructure model

Fig. 3. The main scenarios for the development of attacks and the implementation of threats to information security

Fig. 4. The graph of the logistic function

Fig. 5. Scenarios for the implementation of natural and man-made threats

Fig. 6. Scenarios for the implementation of threats related to intruders leading to data leakage