Language of the Program Code Uniform Presentation for Searching Medium and High-Level Vulnerabilities: the Basic Provisions of Paradigm

Purpose of the study: increasing the efficiency of an expert in searching for medium-level (in algorithms) and high-level (in architecture) vulnerabilities in the program code due to the innovative paradigm of the language for its presentation. Method: consists in the analysis of relevant works on the subject of approaches, methods and notations for representing algorithms and software architecture with highlighting the strengths and weaknesses of solutions, synthesizing the paradigm for the presentation of the program code and qualitatively assessing the effectiveness of each of the provisions of the paradigm (by contradiction method); efficiency is understood as a combination of its three indicators: the number of type I and II errors, the search time and the cognitive stress of the expert. The results obtained: description of the idea and 7 main provisions of the paradigm of the pseudocode language for a unified description of algorithms and architecture with the maximum necessary and minimum sufficient degree of formalization; the main practical significance of the representations of the program code obtained in this way is their intended use for analysis by an information security expert for the presence of medium and high-level vulnerabilities; also, for each position, their qualitative influence on the performance indicators of vulnerability search by an expert was established.

Security governance as a service on the cloud

Small companies need help to detect and to respond to increasing security related threats. This paper presents a cloud service that automates processes that make checks for such threats, implement mitigating procedures, and generally instructs client companies on the steps to take. For instance, a process that automates the search for leaked credentials on the Dark Web will, in the event of a leak, trigger processes that instruct the client on how to change passwords and perhaps a micro-learning process on credential management. The security governance service runs on the cloud as it needs to be managed by a security expert and because it should run on an infrastructure separated from clients. It also runs as a cloud service for economy of scale: the processes it runs can service many clients simultaneously, since many threats are common to all. We also examine how the service may be used to prove to independent auditors (e.g., cyber-insurance agents) that a company is taking the necessary steps to implement its security obligations.

METHODOLOGICAL SUPPORT OF DIAGNOSTICS ORGANIZATIONAL AND LEGAL SECURITY FOR AGRARIAN BUSINESS ENTITIES

Introduction. Effective and stable functioning of agrarian business entities in today's economic environment requires consideration of external threats and risks, which actualizes the need for security management as a multifaceted phenomenon, some aspects of which have not been sufficiently studied. That is why the study of organizational and legal security, and especially the development of methodology for its evaluation is considered urgent and timely. The purpose of the study is to develop a methodological approach to assess the level of organizational and legal security of agrarian business entities. Results. Existing approaches in determining economic security have been investigated in order to substantiate the methodology for evaluating organizational and legal security: functional, indicator, expert, matrix, system, resource and functional. Their advantages and disadvantages are identified. The models of methodological approaches to assessing economic security in terms of types of indicators have been generalized. The author's methodical approach to the assessment of organizational and legal security is proposed as a qualimetric model, which covers 2 components, each of which is decomposed into spheres. The organizational component includes the following: the organizational structure effectiveness, the power hierarchy, the system of powers delegation and the motivation system. The legal component combines: product quality control, sales process, payroll and annual leave, introduction of all forms of reporting, financial discipline, control of environmental standards. The essence of the methodological approach involves peer review on the scale developed. The description of the four ranges is provided for the resulting values (safe state, sufficiently stable, presence of tangible problems, unsatisfactory state) for enterprises with two integral values for organizational and legal components. Keywords: agrarian business entities, organizational and legal security, qualimetric model, economic security, expert evaluation.