МЕТОД АУДИТА ЗАЩИЩЕННОСТИ АВТОМАТИЗИРОВАННЫХ СИСТЕМ
Работая с нашим сайтом, вы даете свое согласие на использование файлов cookie. Это необходимо для нормального функционирования сайта, показа целевой рекламы и анализа трафика. Статистика использования сайта отправляется в «Яндекс» и «Google»
Научный журнал Моделирование, оптимизация и информационные технологииThe scientific journal Modeling, Optimization and Information Technology
Online media
issn 2310-6018

METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS

Tokarev V.L.,  Sychugov A.A. 

UDC 004.56
DOI: 10.26102/2310-6018/2019.24.1.036

  • Abstract
  • List of references
  • About authors

The analysis of the currently existing regulatory framework and methods for analyzing the protection of information resources was carried out. It is noted that the basis of the methods is the use of technical methods of analysis, which involve the use of both active and passive testing of the information protection system. Another existing solution to this problem is the use of expert assessments. However, both approaches are laborious and often subjective. On the basis of the theory of fuzzy sets, a mathematical model is proposed for auditing the security of automated systems on the basis of which an appropriate method has been proposed. Fuzzy models are considered as a tool for auditing automated systems that process confidential information. As an example of the use of the proposed method, an assessment of one of the information security aspects is considered - the security of access to confidential information in an automated system. The proposed method will make it possible to effectively use the obtained estimates for solving the problem of ensuring the security of information in automated systems. The main advantage of the method is that it does not require complex testing procedures, calculating probabilities, attracting and selecting experts, etc., and can be used to evaluate most various aspects of information security.

1. Astakhov, A. Analysis of corporate systems security / A. Astakhov // Open systems, 2002. - № 7 - 8

2. International standard ISO/IEC 15408:1999, “Information technology – Security techniques –Evaluation criteria for IT security – Part 1- Part 3”.

3. International standard ISO/IEC 17799:1999, “Information technology – Code of practice for information security management”.

4. S. Lydyn. Penetration testing with Rapid7 Metasploit:- https://www.antimalware.ru/practice/methods/penetration-testing-using-rapid7-metasploit

5. Zakharov, A. P. Methodology for assessing information security of a protection profile / A. P. Zakharov. – http://beda.stup.ac.ru/rv-conf/.

6. Dimov E.M. Information security management of a corporation using risk and expected utility criteria, Maslov ON, Rakov A.S .; Information Technology. 2016. Vol. 22. No. 8. P. 620-627.

7. Development of methods and algorithms for testing the operation of an enterprise from the point of view of information security of its operation. Ostroukh E.N., Chernyshev Yu.O., Mukhtarov S.A., Bogdanova N.Y .; Engineering herald Don. 2016. V. 41. No. 2 (41). S. 31.

8. Borisov V.V. Fuzzy models and networks. / V.V. Borisov, V.V. Kruglov, A.S. Fedulov. - M: Hotline - Telecom, 2007. - 284 p

Tokarev Vyacheslav Leonidovich
Doctor of Technical Sciences, Professor
Email: tokarev22@yandex.ru

Tula State University

Tula, Russian Federation

Sychugov Aleksey Alekseevich
Candidate of Technical Sciences, Associate Professor
Email: xru2003@list.ru

Tula State University

Tula, Russian Federation

Keywords: information security, access security, estimation, fuzzy sets

For citation: Tokarev V.L., Sychugov A.A. METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS. Modeling, Optimization and Information Technology. 2019;7(1). URL: https://moit.vivt.ru/wp-content/uploads/2019/01/TokarevSychugov_1_19_1.pdf DOI: 10.26102/2310-6018/2019.24.1.036 (In Russ).

758

Full text in PDF

Published 31.03.2019