In the context of increasing informatization of various production areas, when most technological processes and information flows are automated and controlled by computer technology, the choice of measures to ensure the security of information (SI) of critical information infrastructure objects (CIIO) becomes a pressing issue. The article discusses existing methods and approaches to assessing the risk of implementing SI threats to CIIO, which include automated process control systems, information systems, and information and telecommunication networks. These approaches help SI specialists assess the risks associated with possible cyberattacks and data leaks. A method is proposed for quantitatively assessing the degree of danger of implementing SI threats based on the intelligent analysis of data stored in the CIIO logging subsystem. The method allows for a quantitative assessment of the degree of danger of implementing SI threats by potential violators with respect to a specific CIIO. The developed method complements the available assessments of SI specialists by forming expert assessments from additionally involved specialists - professionals in the field of technological processes and information flows of CIIO. The results of the study are recommended for use in modeling SI threats and developing requirements for information security tools in the CIIO.
1. Pavlikhina A.N. Prostoe reshenie dlya slozhnykh infrastruktur Ot chego i kak zashchishchat' predpriyatiya neftegazovogo sektora Rossii? Delovoi zhurnal Neftegaz.RU. 2024;(8):20–25. (In Russ.).
2. Pashkov N.N., Drozd V.G. Analiz riskov informatsionnoi bezopasnosti i otsenka effektivnosti sistem zashchity informatsii na predpriyatii. Modern Scientific Researches and Innovations. 2020;(1). (In Russ.). URL: https://web.snauka.ru/issues/2020/01/90380
3. Odakhovskaya D.A., Pyatkov S.V., Chernykh M.A. Information Risk: Analysis and Calculations. The Applied Economic Researches Journal. 2024;(2):242–247. (In Russ.).
4. Chernov D., Sychugov A., Sovgir A. Applying a System of Automatic Threat Modeling for APCs at Information Infrastructure Facilities. In: Advances in Automation IV: Proceedings of the International Russian Automation Conference, RusAutoCon2022, 04–10 September 2022, Sochi, Russia. Cham: Springer; 2023. P. 374–385. https://doi.org/10.1007/978-3-031-22311-2_36
5. Doynikova E.V., Chechulin A.A., Kotenko I.V. Computer Network Security Evaluation Based on CVSS Metrics. Information and Control Systems. 2017;(6):76–87. (In Russ.). https://doi.org/10.15217/issn1684-8853.2017.6.76
6. Makarenko S. Penetration Testing in Accordance with NIST SP 800–115 Standard. Voprosy kiberbezopasnosti. 2022;(3):44–57. (In Russ.).
7. Chernov D.V. Methods for Assessing Information Security Threats of Automated Process Control Systems. Modern Science: Actual Problems of Theory and Practice. Series: Natural and Technical Sciences. 2021;(9):81–87. (In Russ.). https://doi.org/10.37882/2223-2966.2021.09.25
8. Kostogryzov A. On Models and Methods of Probabilistic Analysis of Information Security in Standardized Processes of System Engineering. Voprosy kiberbezopasnosti. 2022;(6):71–82. (In Russ.).
9. Suhanov A.V. Fuzzy Assessment of Information System Security. Information and Space. 2013;(1):107–110. (In Russ.).
10. Babeshko E., Kharchenko V., Gorbenko A. Applying F(I)MEA-technique for SCADA-Based Industrial Control Systems Dependability Assessment and Ensuring. In: 2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX, 26–28 June 2008, Szklarska Poreba, Poland. IEEE; 2008. P. 309–315. https://doi.org/10.1109/DepCoS-RELCOMEX.2008.233
Chernov Denis Vladimirovich
Email: cherncib@gmail.com
Scopus | ORCID | eLibrary |
Tula State University
Tula, Russian Federation
