scholarly journals Assessing the resilience of critical information infrastructures to information security threats

2021 ◽  
Vol 28 (1) ◽  
pp. 106-120
Author(s):  
Andrey E. Krasnov ◽  
Alexander S. Mosolov ◽  
Nataliya A. Feoktistova
Keyword(s):  
Information Security ◽  
Security Threats ◽  
Critical Information ◽  
Information Infrastructures

scholarly journals ASSESSMENT OF COMPLIANCE OF INFORMATION SECURITY MEANS ON SIGNIFICANT OBJECTS OF CRITICAL INFORMATION INFRASTRUCTURES OF THE RUSSIAN FEDERATION

2020 ◽  
Vol 6 (1) ◽  
pp. 155-160
Author(s):  
Julia A. Isaeva ◽  
Anastasiya S. Goldobina ◽  
Dmitry M. Nikulin
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Assessment Process ◽  
Functional Requirements ◽  
Critical Information ◽  
Compliance Assessment ◽  
Information Infrastructures ◽  
Important Means ◽  
The Russian Federation ◽  
Assessment Of Compliance

The need to assess the compliance of information security means depends on the importance of the information, processed at the enterprise. The lack of specific requirements and criteria for conducting an assessment will cause the protection tools to function incorrectly this, in turn, will lead to unpredictable consequences, as well as to the disruption of the functioning of significant objects. Even with the changes made to the legislation of the Russian Federation, there is no specific algorithm for assessment the compliance of certain classes of security tools, such as DLP systems. This article describes the changes made to the legislation and how they will affect the compliance assessment process. The selected security profile, along with GOST 15408-2012, reveals such concepts as functional requirements of trust and security functions. Taking these regulations into account, it is possible to develop a method for conducting compliance assessment for DLP systems, which are an extremely important means of protecting against leaks of confidential information on significant objects of critical information infrastructures.

scholarly journals CONFORMITY ASSESSMENT OF INFORMATION PROTECTION TOOLS IN CRITICAL INFORMATION INFRASTRUCTURES OF THE RUSSIAN FEDERATION

2019 ◽  
Vol 6 (1) ◽  
pp. 203-208
Author(s):  
Julia Isaeva ◽  
Valentin Selifanov
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Russian Federation ◽  
Conformity Assessment ◽  
Information Protection ◽  
Critical Information ◽  
Information Infrastructures ◽  
The Russian Federation

The need for conformity assessment of information security tools at significant objects of critical information infrastructures is demonstrated. In the absence of necessary criteria description for information systems, a possibility of threats implementation appears, which will lead to disruption of functioning of significant objects.

scholarly journals Information Security Responsibilities of Critical (Information) Infrastructures in the Aspect of Human Risk Factors

2020 ◽  
Vol 13 (3) ◽  
pp. 71-86
Author(s):  
Balázs Kárász ◽  
Imre Négyesi
Keyword(s):  
Risk Factors ◽  
Information Security ◽  
Asset Management ◽  
Critical Infrastructure ◽  
Critical Information ◽  
Human Risk ◽  
Related Information ◽  
Information Infrastructures ◽  
Digital Asset

With regard to the threats of information society  nowadays, the digital asset management and the safety of the related information systems as well as critical infrastructure elements became highly important. The defence of cyberspace itself evolved as a social necessity. This paper aims to provide an overview of how each of the occurring human risk factors influence the effectuation of information security purposes of firms and/or organisations operating critical infrastructure or critical information infrastructure, as well as the engineering of their data processing and data analytics procedures. Moreover, the helpful role of the possible methodological toolset (connected to HR, management and risk management) is also assessed in the context of managing and improving information security awareness.

scholarly journals About the Comparison of Information Security Systems for Asymptotic Information Security Management of Critical Information Infrastructures

2020 ◽  
Vol 6 (3) ◽  
pp. 66-74
Author(s):  
S. Erokhin ◽  
A. Petukhov ◽  
P. Pilyugin
Keyword(s):  
Information Security ◽  
Security Management ◽  
Order Relation ◽  
Security Systems ◽  
Information Security Management ◽  
Critical Information ◽  
Information Infrastructures ◽  
Building Information ◽  
Management Capabilities ◽  
Control Implementation

The article discusses the security management capabilities of critical information infrastructures. It discusses approaches to developing security policies that don’t lean on assessing residual risks and identifying a fixed list of threats. We examine the possibility of building information security management systems based on monitoring of security events. A formal description of security events as well as relevant protection methods is proposed. The paper introduces an order relation for information security systems comparison and asymptotic CII security control implementation.

Application of Fractal Methods to Ensure the Cyber-Resilience of Self-Organizing Networks

2019 ◽  
Vol 22 (4) ◽  
pp. 336-341
Author(s):  
D. V. Ivanov ◽  
D. A. Moskvin
Keyword(s):  
Information Security ◽  
Network Structure ◽  
Self Regulation ◽  
Security Threats ◽  
Self Organizing Networks ◽  
Self Organizing ◽  
Fractal Methods

In the article the approach and methods of ensuring the security of VANET-networks based on automated counteraction to information security threats through self-regulation of the network structure using the theory of fractal graphs is provided.

Ensuring the security of critical information infrastructure: the powers of the federal government bodies of the Russian Federation

2019 ◽  
Author(s):  
Ilia Pavlovich Mikhnev ◽  
Svetlana Vladimirovna Mikhneva
Keyword(s):  
Information Security ◽  
Federal Government ◽  
Russian Federation ◽  
Legal Status ◽  
Information Infrastructure ◽  
Critical Information ◽  
Security Service ◽  
Presidential Decree ◽  
Computer Attacks ◽  
The Russian Federation

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.

IRISK METHOD FOR SECURITY ESTIMATION OF THE SIMULATION POLYGON FOR THE PROTECTION OF CRITICAL INFORMATION RESOURCES

2019 ◽  
Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata
Keyword(s):  
Risk Assessment ◽  
Information System ◽  
Information Security ◽  
Risk Analysis ◽  
Information Resources ◽  
Security System ◽  
Assessment System ◽  
Automated System ◽  
Information Risk ◽  
Critical Information

In this article, the research of information system protection by ana­ ly­ zing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techni­ ques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the deter­ mi­ nation of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simula­ tion ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerabili­ ty  — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vul­ nerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system. The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.

Information security in the South Australian real estate industry

2014 ◽  
Vol 22 (1) ◽  
pp. 24-41 ◽  
Author(s):  
Deepa Mani ◽  
Kim-Kwang Raymond Choo ◽  
Sameera Mubarak
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Real Estate ◽  
South Australia ◽  
Security Threats ◽  
The South ◽  
Content Type ◽  
The Real ◽  
The Real Estate ◽  
Real Estate Sector

Purpose – Opportunities for malicious cyber activities have expanded with the globalisation and advancements in information and communication technology. Such activities will increasingly affect the security of businesses with online presence and/or connected to the internet. Although the real estate sector is a potential attack vector for and target of malicious cyber activities, it is an understudied industry. This paper aims to contribute to a better understanding of the information security threats, awareness, and risk management standards currently employed by the real estate sector in South Australia. Design/methodology/approach – The current study comprises both quantitative and qualitative methodologies, which include 20 survey questionnaires and 20 face-to-face interviews conducted in South Australia. Findings – There is a lack of understanding about the true magnitude of malicious cyber activities and its impact on the real estate sector, as illustrated in the findings of 40 real estate organisations in South Australia. The findings and the escalating complexities of the online environment underscore the need for regular ongoing training programs for basic online security (including new cybercrime trends) and the promotion of a culture of information security (e.g. when using smart mobile devices to store and access sensitive data) among staff. Such initiatives will enable staff employed in the (South Australian) real estate sector to maintain the current knowledge of the latest cybercrime activities and the best cyber security protection measures available. Originality/value – This is the first academic study focusing on the real estate organisations in South Australia. The findings will contribute to the evidence on the information security threats faced by the sector as well as in develop sector-specific information security risk management guidelines.

Sign in / Sign up

Export Citation Format

Share Document