Information Security Responsibilities of Critical (Information) Infrastructures in the Aspect of Human Risk Factors

2020 ◽  
Vol 13 (3) ◽  
pp. 71-86
Author(s):  
Balázs Kárász ◽  
Imre Négyesi

With regard to the threats of information society nowadays, digital asset management and the safety of the related information systems as well as critical infrastructure elements have become highly important. The defence of cyberspace itself evolved as a social necessity. This paper aims to provide an overview of how each of the occurring human risk factors influences the effectuation of information security purposes of firms and/or organisations operating critical infrastructure or critical information infrastructure, as well as the engineering of their data processing and data analytics procedures. Moreover, the helpful role of the possible methodological toolset (connected to HR, management and risk management) is also assessed in the context of managing and improving information security awareness.

Author(s):  
N.M. Kurbatov

The concept of critical information infrastructure is analyzed. The history of its formation and consolidation in the legal space of Russian legislation is considered. The article studies the experience of foreign countries in the field of ensuring information security in general and protecting critical infrastructure in particular. The relevance of the chosen topic is due to the course taken by the Russian Federation for the development of the information society in the country, as well as the need to protect significant information systems and resources of state authorities. The author of the article reveals the terms included in the definition of critical information infrastructure, enshrined in the legislation of the Russian Federation. In conclusion, the main problems of the considered regulatory legal acts are highlighted, recommendations are given on the further development of the information security system of critical infrastructure.


2020 ◽  
Vol 65 (1) ◽  
pp. 351-372
Author(s):  
Sam R. Telford ◽  
Heidi K. Goethert

Tularemia is a Holarctic zoonosis caused by the gamma proteobacterium Francisella tularensis and is considered to be a vector-borne disease. In many regions, human risk is associated with the bites of flies, mosquitoes, or ticks. But the biology of the agent is such that risk may be fomite related, and large outbreaks can occur due to inhalation or ingestion of contaminated materials. Such well-documented human risk factors suggest a role for these risk factors in the enzootic cycle as well. Many arthropods support the growth or survival of the agent, but whether arthropods (ticks in particular) are obligately required for the perpetuation of F. tularensis remains to be demonstrated. As with most zoonoses, our knowledge of the ecology of F. tularensis has been driven with the objective of understanding human risk. In this review, we focus on the role of the arthropod in maintaining F. tularensis, particularly with respect to long-term enzootic persistence.


2020 ◽  
Vol 6 (1) ◽  
pp. 155-160
Author(s):  
Julia A. Isaeva ◽  
Anastasiya S. Goldobina ◽  
Dmitry M. Nikulin

The need to assess the compliance of information security means depends on the importance of the information processed at the enterprise. The lack of specific requirements and criteria for conducting an assessment will cause the protection tools to function incorrectly; this, in turn, will lead to unpredictable consequences, as well as to the disruption of the functioning of significant objects. Even with the changes made to the legislation of the Russian Federation, there is no specific algorithm for assessing the compliance of certain classes of security tools, such as DLP systems. This article describes the changes made to the legislation and how they will affect the compliance assessment process. The selected security profile, along with GOST 15408-2012, reveals such concepts as functional requirements of trust and security functions. Taking these regulations into account, it is possible to develop a method for conducting compliance assessment for DLP systems, which are an extremely important means of protecting against leaks of confidential information on significant objects of critical information infrastructures.


Energies ◽  
2021 ◽  
Vol 15 (1) ◽  
pp. 231
Author(s):  
Anna Drab-Kurowska ◽  
Wojciech Drożdż

This article presents a solution that strengthens information security in critical infrastructure entities. Critical infrastructure plays a key role in the functioning of the state and the life of its citizens. Therefore, the protection of critical infrastructure is one of the priorities in Poland. The aim of this article is to show that designated postal operators may become an important link in the process of information flow and cybersecurity. Based on their multiple-year experience and expended competences, the operators may provide digital services for entities responsible for the energy security infrastructure. Verification of this goal is necessary, since critical infrastructure is exposed to growing threats, both in the area of energy and other sensitive sectors of the economy. Research results presented in the article were obtained by conducting a CATI survey. The study used the purposeful selection method, which makes it possible to influence the structure of a sample in the context of goals set by the authors. The method solicited key information from experts on postal and energy markets. The results constitute a new approach to the role of the designated postal operator. The authors analysed possibilities to support entities that secure critical infrastructure, including those from the energy sector. It shows that the role of the designated postal operator may significantly change. Taking into account the security of information and cybersecurity, the postal operator could expand its competences, secure infrastructure-related information flow, and thus become a key pillar of the state.


2019 ◽  
Vol 6 (1) ◽  
pp. 203-208
Author(s):  
Julia Isaeva ◽  
Valentin Selifanov

The need for conformity assessment of information security tools at significant objects of critical information infrastructures is demonstrated. In the absence of necessary criteria description for information systems, a possibility of threats implementation appears, which will lead to disruption of functioning of significant objects.


2020 ◽  
Vol 1 (9) ◽  
pp. 170-181
Author(s):  
Sergiy Gnatyuk ◽  
Viktoriia Sydorenko ◽  
Yuliia Sotnichenko

The rapid development of information and communication technologies has increased the vulnerabilities of various networks, systems and objects as well as made it much more difficult to ensure their reliable protection and security. All these factors have led to the fact that the world's leading countries have begun to pay considerable attention to cybersecurity and critical information infrastructure protection. However, the protection of various types of information with restricted access (in particular, confidential information) at critical infrastructure objects remains unexplored. With this in mind, the paper analyzes the existing approaches of the world's leading countries to confidential information protection at critical infrastructure. The analysis revealed that today there are no comprehensive, multifunctional methods of protecting confidential information at critical information infrastructure. In addition, a classification of critical information infrastructure objects according to information security requirements is developed. This classification, by determining the type of information processed, possible access modes and criticality category, makes it possible to ensure unity of approaches to the protection of these objects belonging to different types, including information systems, automated control systems and information-telecommunication networks.


2020 ◽  
Vol 6 (3) ◽  
pp. 66-74
Author(s):  
S. Erokhin ◽  
A. Petukhov ◽  
P. Pilyugin

The article discusses the security management capabilities of critical information infrastructures. It discusses approaches to developing security policies that don’t lean on assessing residual risks and identifying a fixed list of threats. We examine the possibility of building information security management systems based on monitoring of security events. A formal description of security events as well as relevant protection methods is proposed. The paper introduces an order relation for information security systems comparison and asymptotic CII security control implementation.


Author(s):  
Євген Віталійович Брежнєв ◽  
Герман Вікторович Фесенко ◽  
Вячеслав Сергійович Харченко

The world trends of increasing threats of natural and man-made nature, the level of terrorist threats, and the number and complexity of cyberattacks have caused the actualization of needs for critical information infrastructure protection and improvement of its informational security and functional safety. A critical information infrastructure is considered as a set of information and telecommunication systems, improper operation of which may lead to the occurrence of an accident of critical infrastructure (energy, transport, etc.), as well as to a decrease in the quality of its services. The subject of the paper's study is the mechanisms for ensuring the safety (protection) of critical information infrastructures. The purpose of the paper is to substantiate the approach to the development of methodological foundations and technologies for assessing and ensuring the safety (protection) of critical information infrastructures, taking into account the state and capabilities of modern information technologies. The methods used are: systems analysis methods, mathematical optimization methods, safety, and risk theory methods. The following results were obtained. The main tasks of the critical infrastructure protection system are formulated. The necessity of using the system of protection of critical information infrastructure as part of the system of protection of critical infrastructure is substantiated. The concept and principles of the methodology for assessing and ensuring the safety (protection) of critical information infrastructures are developed; working hypotheses, methods and models necessary for their implementation are suggested. The way of interaction of the elements of the proposed methodology, tasks and elements of the critical infrastructure protection system is shown.
The results obtained are aimed at solving one fundamental problem, namely the existence of a contradiction between the intensive development of critical information infrastructures, negative influences and threats of various nature, and the lack of methodological foundations, models, methods and information technologies for assessment and assurance of critical information infrastructure security and safety. The results obtained should be used to create elements of informational and analytical support for the decision maker in solving tasks related to the assessment and security (protection) of critical infrastructure.

