REGULATORY AND LEGAL INSTRUMENTS` PROBLEMATIC ISSUES AND AUTHOR'S TECHNIQUE FOR ACTUALIZATION OF INFORMATION AND CYBER SECURITY THREATS
Abstract and keywords
Abstract (English):
The work is devoted to solving the problem of information and cyber security threats actualization to EMERCOM of Russia information infrastructure, information systems and resources. It has been demonstrated that the conditions under which it is solve in the present day differ from those of a «static» and unambiguously regulated system. This has resulted in the emergence of a number of regulatory and legal instruments` problematic issues and has consequently elevated it to the rank of a complex scientific and technical task. It has been demonstrated that the Regulator has altered the basis for the systematization of information security threats. This led to a reduction in the power of their set from 222 to 11 and inspired an innovative approach to developing an authoring technique for threat actualization. Its steps are outlined: 1) preparation of an expert questionnaire in the notation of the Regulator's threat database; 2) interviewing the experts and filling in the questionnaire in electronic form; 3) compiling the interview results into a table, the objective of which is to summarize the frequency with which each of the 171 ways of realizing threats was applied; 4) correlation of «actual» ways with potentially realizable threats and summating of how often each way is used; 5) construction of a histogram of the information and cyber security threat assessment of EMERCOM of Russia information infrastructure, information systems and resources for all 11 threats. Conclusions are drawn regarding the novelty and practical significance of the results obtained, as well as directions for further research.

Keywords:
information and cyber security, threats to information security, threat realization ways, Regulator's threat database, threat actualization technique, ranking
Text
Text (PDF): Read Download
References

1. Metodika ocenki ugroz bezopasnosti informacii: metod. dokument (utv. FSTEK Rossii 5 fevr. 2021 g.). Dostup iz sprav.-pravovogo portala «Garant».

2. Bujnevich M.V., Izrailov K.E., Pokusov V.V. Model' ugroz informacionno-tekhnicheskogo vzaimodejstviya v integrirovannoj sisteme zashchity informacii // Informatizaciya i svyaz'. 2021. № 4. S. 66–73. DOI:https://doi.org/10.34219/2078-8320-2021-12-4-66-73.

3. Pokusov V.V. Analiticheskaya model' ugroz mezhmodul'nogo vzaimodejstviya v sisteme zashchity informacii // Informatizaciya i svyaz'. 2023. № 3. S. 76–84. DOI:https://doi.org/10.34219/2078-8320-2023-14-3-76-84.

4. Bujnevich M.V., Moiseenko G.Yu. Kombinirovanie raznorodnyh destruktivnyh vozdejstvij na informacionnuyu sistemu i protivodejstvie atakam (na primere insajderskoj deyatel'nosti i DDoS-ataki) // Informacionnye tekhnologii i telekommunikacii. 2023. T. 11. № 3. S. 27‒36. DOI:https://doi.org/10.31854/2307-1303-2023-11-3-27-36.

5. Bujnevich M.V., Vlasov D.S., Moiseenko G.Yu. Kombinirovanie sposobov vyyavleniya insajderov bol'shih informacionnyh sistem // Voprosy kiberbezopasnosti. 2024. № 3 (61). S. 2–13. DOI:https://doi.org/10.21681/2311-3456-2024-3-2-13.

6. Bujnevich M.V., Moiseenko G.Yu. Povyshenie «ustojchivosti» reglamentov deyatel'nosti kak sposob protivodejstviya neumyshlennomu insajdingu // Voprosy kiberbezopasnosti. 2024. № 6 (64). S. 108–116. DOI:https://doi.org/10.21681/2311-3456-2024-6-108-116.

7. Trebovaniyah k segmentu informacionnoj sistemy «Sistema elektronnogo dokumentooborota MCHS Rossii» (vydan FGBU «Informacionno-analiticheskij centr MCHS Rossii» 16.06.2020 g.; licenziat – OOO Centr zashchity informacii «Egida» (licenziya FSTEK Rossii № 2712 ot 30 sent. 2015 g.). Dostup iz sprav.-pravovogo portala «Garant».

8. Metodika opredeleniya aktual'nyh ugroz bezopasnosti personal'nyh dannyh pri ih obrabotke v informacionnyh sistemah personal'nyh dannyh» (utv. FSTEK Rossii 14 fevr. 2008 g.). Dostup iz sprav.-pravovogo portala «Garant».

Login or Create
* Forgot password?