St. Petersburg, Russian Federation
Russian Federation
Russian Federation
UDK 004.056 Безопасность, защищённость данных
The work is devoted to the study of interrelations between the characteristics of an information system, threats to its information security and consequences of their realization. For this purpose, the author's approach in textual and analytical form is proposed, which consists in the allocation of a unified terminological base of the subject area and consists of the following steps: analysis of the textual names of threats from the database; their division into words; their normalization and selection of keywords (i.e. reflecting the essence); identification of keywords with the properties of the information system; collection of statistics on the occurrence of keywords in the names of threats leading to violations (separately) of confidentiality, integrity and availability of information. The developed software prototype is described, which automates this approach for the «Information Security Threats Database» of Federal service for technical and expert control of Russia and produces the result in the form of three lists of consequences according to information security violations, ranked by the number of words in the corresponding threats. The top 10 most «dangerous» properties of the information system for each of the lists are analyzed and the corresponding conclusions are drawn. The main scientific result is an approach to the study of interrelations between entities of the subject area on the example of information security threats and the realization of their consequences for individual properties of an abstract information system. The novelty of the result consists in the complete absence of subjective expert opinion at the stage of analyzing the description of information security threats and obtaining interrelations. The theoretical significance consists in translating the approach to a formalized level and establishing the possibility of its application to other entities, and the practical significance consists in obtaining a prototype that allows to formally identify the most «dangerous» properties of an information system from the position of various consequences of information security threats associated with them, thus indicating its most critical parts.
information security, information system, threat, Information Security Threat Data Bank of Federal service for technical and expert control of Russia, statistics, software prototype
1. Taran A.A.V. Prichiny poyavleniya i rasprostraneniya novyh form informacionnyh ugroz v obshchestve // Voprosy gumanitarnyh nauk. 2009. № 3 (41). S. 273-276.
2. Informacionnye ugrozy kommunikativnogo haraktera / E.A. Eremina [i dr.] // Psihologo-pedagogicheskij zhurnal Gaudeamus. 2012. T. 2. № 20. S. 124-125.
3. Karatunova N.G. Informacionnye ugrozy v programmnom obespechenii // Ekonomika. Pravo. Pechat'. Vestnik KSEI. 2016. № 2-3 (70-71). S. 155-159.
4. Petrov S.N., Pulko T.A. Analiz baz obshcheizvestnyh uyazvimostej informacionnoj bezopasnosti // Upravlenie informacionnymi resursami: materialy XIX Mezhdunar. nauch.-prakt. konf. Minsk, 2023. S. 251-252.
5. Akinshin A.A., Lyapicheva N.G., Il'menskij M.D. Analiz bazy ugroz v sfere informacionnoj bezopasnosti na primere Banka ugroz FSTEK Rossii // Vestnik CEMI. 2022. T. 5. № 4. DOI:https://doi.org/10.33276/S265838870022995-7.
6. Tret'yakov O.P. Konceptual'naya model' adaptivnoj zashchity informacii ot nesankcionirovannogo dostupa // Programmnye produkty i sistemy. 2009. № 3. S. 45.
7. Izrailov K.E., Pokusov V.V. Sozdanie programmnoj ob"ektno-orientirovannoj platformy dlya razrabotki UEFI modulej // Aktual'nye problemy infotelekommunikacij v nauke i obrazovanii (APINO 2021): sb. nauch. statej X Mezhdunar. nauch.-tekhn. i nauch.-metod. konf. SPb., 2021. T. 2. S. 246-250.
8. Porhun A.O., Gamayunov D.Yu. Fil'try obrabotki vhodnyh dannyh kak istochniki uyazvimostej v Veb-prilozheniyah // Problemy informacionnoj bezopasnosti. Komp'yuternye sistemy. 2015. № 4. S. 59-63.