scholarly journals Analysis and classification of the main threats to information security of automated systems at the objects of informatization of internal affairs bodies

2020 ◽  
Vol 27 (1) ◽  
pp. 40-50
Author(s):  
Anna V. Batskih ◽  
Irina G. Drovnikova ◽  
Elena S. Ovchinnikova ◽  
Evgeni A. Rogozin
Keyword(s):  
Information Security ◽  
Automated Systems ◽  
Internal Affairs

AUTOMATED SEARCH OF SOFTWARE ERRORS BY FAZZING METHOD

2019 ◽  
pp. 67-70
Author(s):  
V. A. Minaev ◽  
A. V. Mazin ◽  
G. S. Baidin
Keyword(s):  
Information Security ◽  
Open Source ◽  
Test Data ◽  
Error Detection ◽  
Data Input ◽  
Automated Systems ◽  
It Effectiveness ◽  
Cyclic Operation ◽  
Incorrect Data

The paper considers fuzzing as a promising method of testing and error detection in software using the input of incorrect data to programs. Classification of the automated systems of errors search in the software with indication of their shortcomings is made. The substantiation of errors search advantages under the name Driller is given. The stages of Driller cyclic operation are considered including test data input, actual fuzzing, mixed execution and fuzzing repetition. It is emphasized that the Driller is an open source project. In addition, attention is drawn to the possibility of the specified program to eliminate the «exponential explosion» of considered execution paths number, and it effectiveness at a multiplicity of crossings between the paths of the program under test. It was shown that the Driller allows to effectively solve the problems of information security.

scholarly journals Methods for assessing the efficiency of access control subsystems at informatization facilities of internal affairs bodies and aspects of their improvement

2021 ◽  
Vol 48 (2) ◽  
pp. 29-39
Author(s):  
A. V. Batskikh ◽  
V. V. Konobeevskikh ◽  
S. V. Efimov
Keyword(s):  
Information Security ◽  
Access Control ◽  
Information And Communication Technologies ◽  
System Analysis ◽  
Security Level ◽  
Automated Systems ◽  
Security Systems ◽  
Advantages And Disadvantages ◽  
Industry Standards ◽  
Internal Affairs

Objective. The purpose of the article is to analyse the existing methodology used to assess the efficiency of automated information security systems by studying open literature sources, international and industry standards of the Russian Federation on information security of automated systems, guidelines and orders of the Federal Service for Technical and Expert Control of Russia, as well as departmental orders, instructions and regulations on information security at informatization facilities of internal affairs bodies. The analysis results in identifying the advantages and disadvantages of the specified methodology, as well as the possibilities of its use when conducting a quantitative assessment of the efficiency of access control subsystems of information security systems at the informatization facilities of internal affairs bodies. Methods. To achieve this goal, the method for system analysis of approaches used to assess the efficiency of information security tools and systems has been applied. Results. The paper presents results of analysing the main approaches used to assess the efficiency of tools and systems for information security of automated systems. The paper determines the relationship between the efficiency indicator of access control subsystems of information security systems and the main disadvantage of their use in protected automated systems of internal affairs bodies. The paper substantiates main directions of improving the existing methodology, proposes methods and indicators for quantifying the efficiency of access control subsystems (including those modified on the basis of using new information and communication technologies) of information security systems in protected automated systems of internal affairs bodies. Conclusion. The results obtained can be used to quantify the security level of existing automated systems and those being developed at informatization facilities of internal affairs bodies.

scholarly journals Information security - its essence and threats

2018 ◽  
Vol 188 (2) ◽  
Author(s):  
Estera Pietras
Keyword(s):  
Information Security ◽  
Information Flow ◽  
Data Protection ◽  
Security Systems ◽  
Exchange Of Information ◽  
Starting Point ◽  
Effective System ◽  
Business Entities ◽  
Technical Solutions

Due to the exchange of information, organizations are encouraged to create an effective system of information flow that should be monitored on a regular basis in order to minimize the risk of emergence of threats. Due to modern technical solutions of security systems, it is much more possible and accessible than a few years ago. For this purpose, proper identification and classification of threats is necessary. This constitutes the starting point for considering the role and the essence of risk. The article highlights the aspects related to ensuring information security as a whole and data protection- the most important assets of business entities.

scholarly journals WAYS AND METHODS OF IMPROVING FORENSIC ACTIVITIES

2020 ◽  
pp. 108-120
Author(s):  
О. Zherebko
Keyword(s):  
Law Enforcement ◽  
Best Practices ◽  
Comprehensive Analysis ◽  
Automated Systems ◽  
Law Enforcement Agencies ◽  
Legal Proceedings ◽  
Research Activities ◽  
Organizational Work ◽  
Internal Affairs ◽  
Forensic Tools

The article analyzes forensic activity as one of the forms of activity in the field of legal proceedings. A comprehensive analysis of forensic activity has allowed formulating a number of proposals regarding ways and means of improving it. Ways of improving forensic activities have been identified and proposed: increasing the level of technical and forensic support for the disclosure, investigation and prevention of crimes; implementation of measures to increase the effectiveness of the participation of specialists of expert services in conducting investigative actions and operational-search measures. There is also indicated on improving research activities and introducing into practice new technical and forensic tools, forensic methods and techniques. Conducting forensic records, analytical and organizational work based on the introduction of modern automated systems and technologies; synthesis and dissemination of best practices and analysis of expert practice; improving the selection, training and placement of employees of expert units, strengthening official and executive discipline. Intensification of interaction between the expert services of the Ministry of Internal Affairs with other departments of the internal affairs bodies, as well as with other law enforcement agencies, including at the interstate level is described.

The use of virtual reality interfaces in the field of information security

2021 ◽  
pp. 118-127
Author(s):  
K.N. Zhernova
Keyword(s):  
Virtual Reality ◽  
Augmented Reality ◽  
Information Security ◽  
Computer Security ◽  
Virtual And Augmented Reality

Technologies of virtual and augmented reality are gaining popularity. Virtual reality is used in many areas, including beginning to be used in the field of information and computer security. In addition, virtual reality interfaces are also susceptible to attacks. However, there are still few works on research in this area. This article provides an overview of existing solutions to computer security problems using virtual and augmented reality interfaces, as well as an overview and classification of the identified threats for these interfaces themselves.

An analysis and classification of public information security data sources used in research and practice

2019 ◽  
Vol 82 ◽  
pp. 140-155 ◽  
Author(s):  
Clemens Sauerwein ◽  
Irdin Pekaric ◽  
Michael Felderer ◽  
Ruth Breu
Keyword(s):  
Information Security ◽  
Public Information ◽  
Data Sources ◽  
Research And Practice

scholarly journals DEFINING REQUIREMENTS TO DEVELOP INFORMATION SECURITY CONCEPT N HYBRID THREATS CONDITIONS. PART 1

2019 ◽  
pp. 61-72 ◽  
Author(s):  
Yurii Borsukovskyi
Keyword(s):  
Information Security ◽  
Cyber Security ◽  
General Strategy ◽  
Automated Systems ◽  
It Systems ◽  
Preventive Actions ◽  
Hybrid Threats ◽  
Hybrid War ◽  
Basic Approaches ◽  
Concept Of Information

Current article provides the analysis of recent trends in realization of cyber threats and collects the basic requirements for development of information security concept in hybrid threats conditions. It covers the key tendencies of realization at cyber space of principles of hybrid war. Envisages that preconditions for occurrence of such hybrid wars constitute the interest of governmental agencies in information that might be used by opposing parties in world`s competition and political battles, as well the possibility of effective monetization of harmful impact at information and automated systems of companies. The article defines the necessity in adaptive development of directions in application of preventive actions at information and cyber security. It underlines the absence, at most cases, of strategy to ensure security of the key information systems considering the existing risks. Article emphasize that the information security concept in hybrid threats conditions shall consider the possibility of complete compromising of systems of information and cyber security in case of targeted attack at information resources of structural units of state, banking and private organizations. It considers the model structure of information security concept in hybrid threats conditions to ensure the effectiveness of functioning of information and automated systems of information and cyber security in conditions of limited financing. It provides structure and content of the concept of information security in hybrid threats conditions. Article defines that the information security concept at hybrid threats conditions shall cover the main tasks and objectives, and the general strategy for development of IT and system for managing of information security within the company. It formulates the requirements and basic approaches to its implementation. The article defines that the possible way to optimize the financial resources assigned for IT systems and information and cyber security systems according to the risks defined, might be the use of the best world practices, as well the strict coordination of requirements to ensure the informatization and digital transformation from business and development of coordinated regulatory requirements to the certain businesses from information and cyber security perspective.

Sign in / Sign up

Export Citation Format

Share Document