Using graphs to identify asset security compromises

Capa

Citar

Texto integral

Acesso aberto Acesso aberto
Acesso é fechado Acesso está concedido
Acesso é fechado Acesso é pago ou somente para assinantes

Resumo

Due to the ever-expanding threat landscape, the problem of timely identification of information security risks, their assessment, and, as a result, management of these risks remains urgent. The main components of all quantitative risk assessments are the frequency, or probability, of the realization of a risky event, and the amount of losses from the realization of the threat. The purpose of the work is to increase the accuracy in quantifying information security risks, develop a theoretical model that takes into account all the relationships between assets in the company’s information environment, and compile an effective set of risk management measures. To formalize the company’s information security risk assessment model, a set of security breach conditions for the company’s information environment was identified, consisting of elements characterizing the possible results of threat implementation for each asset. As a result of the development of the model, the relationship of assets and the versatility of threat scenarios are shown.

Texto integral

Acesso é fechado

Sobre autores

Natalia Grineva

Financial University under the Government of the Russian Federation

Autor responsável pela correspondência
Email: ngrineva@fa.ru
ORCID ID: 0000-0001-7647-5967

Cand. Sci. (Econ.), Associate Professor; associate professor, Department of Information Technology

Rússia, Moscow

Bibliografia

  1. Ageev S.A., Saenko I.B. Method of intelligent multi-agent information security risk management in secure multiservice networks for special purposes. T-Comm: Telecommunications and Transport. 2015. Vol. 9. No. 1. Pp. 5–10. (In Rus.). EDN: TILBWN.
  2. Volkov Yu.V., Samokhin D.S. Method for determining the type and parameters of distributions of random variablesrank according to operational data from nuclear power facilities. Izvestiya vuzov. Nuclear Energy. 2007. No. 4. Pp. 15–23. (In Rus.). EDN: JUEFIN.
  3. Vorontsov K.V., Sukhareva A.V. Construction of a complete set of topics of probabilistic thematic models. Intelligent Systems. Theory and Applications. 2019. Vol. 23. No. 4. Pp. 7–23. (In Rus.). EDN: CWOGHS.
  4. Goncharenko V.A. Modeling and evaluation of the characteristics of random streams of events in computer networks with parametric uncertainty. Proceedings of the A.F. Mozhaisky VKA. 2015. Issue 649. Pp. 16–22. (In Rus.). EDN: VLCXNJ.
  5. Grineva N.V., Mikhailova S.S., Vilkul A.A. Comparative analysis of clustering methods for graph data. Neurocomputers: Development, Application. 2023. Vol. 25. No. 4. Pp. 32–44. (In Rus.). doi: 10.18127/j19998554-202304-05. EDN: IDYWPI.
  6. Grineva N.V., Semenova P.A. Application of spectral methods for recognizing the structure of communities in complex networks. Bulletin of the Voronezh State University. Series: System Analysis and Information Technology. 2023. No. 3. Pp. 75–83. (In Rus.). doi: 10.17308/sait/1995-5499/2023/3/75-83. EDN: HFLBXC.

Arquivos suplementares

Arquivos suplementares
Ação
1. JATS XML
Baixar
2. Fig. 1. The relationship between assets in the information environment of the company

Baixar (158KB)
Metadados
3. Fig. 2. An example of a retailer’s infrastructure model

Baixar (240KB)
Metadados
4. Fig. 3. The main scenarios for the development of attacks and the implementation of threats to information security

Baixar (145KB)
Metadados
5. Fig. 4. The graph of the logistic function

Baixar (175KB)
Metadados
6. Fig. 5. Scenarios for the implementation of natural and man-made threats

Baixar (86KB)
Metadados
7. Fig. 6. Scenarios for the implementation of threats related to intruders leading to data leakage

Baixar (82KB)
Metadados