Russian Federation
The article addresses the fulfillment of requirements aimed at ensuring information security in an organization. It points out the main contradiction of this subject area: a huge number of different ways to fulfill the requirements exist, yet there is no means of choosing their correct and optimal order. The task of ranking requirements is set, and the idea of the proposed solution is described as seven provisions aimed at recording heterogeneous requirements consistently in a single notation; an intuitive scheme of the idea is synthesized, with all seven provisions indicated on it. To represent the idea, the following entities are introduced: an object (the organization) and its elements, on which requirements are imposed; generalized conditions for satisfying requirements, which do not depend on the specifics of the organization; variations of sets of conditions, which take a particular organization into account; basic conditions, which check the presence or absence of elements of the object and the values of their parameters; algorithms of activities in the organization that satisfy the conditions; and the priorities of requirements and the resources needed by the algorithms. It is concluded that such formalization will lead organically to an algorithmic solution of the ranking problem and, eventually, to automation. The most suitable automated ways of solving the problem of ranking information security requirements are specified: algorithmic application of combinatorial optimization and machine learning methods. Their high efficiency compared with the "manual" methods used in modern information protection practice is predicted.
The novelty and the theoretical and practical significance of the obtained results are noted, as well as the prospect of further research: the construction of an analytical model of requirements fulfillment, which could form the basis of an appropriate method, followed by its software implementation and the necessary experiments.
Keywords: information security, requirements, ranking, formalization, automation