The concept of assessing the risks of cybersecurity of the information system of the critical infrastructure object

IF 0.2 Q4 ENGINEERING, ELECTRICAL & ELECTRONIC Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia Pub Date : 2022-06-24 DOI:10.30837/rt.2022.2.209.12
I. Gorbenko, О.A. Zamula, Yu. S. Osipenko
{"title":"The concept of assessing the risks of cybersecurity of the information system of the critical infrastructure object","authors":"I. Gorbenko, О.A. Zamula, Yu. S. Osipenko","doi":"10.30837/rt.2022.2.209.12","DOIUrl":null,"url":null,"abstract":"Ensuring cyber and information security for critical infrastructure is achieved through the implementation of an appropriate set of information security management measures, which can be provided in the form of software policies, methods, procedures, organizational structures and functions. Information security requirements are determined, in particular, by systematic risk assessment of information security, which can be one of the elements of the predicted approach to identifying hazards in the provision of services to service participants in the information interaction of the information system. The paper presents conceptual provisions for assessing and managing cybersecurity risks of the critical infrastructure information system. The proposed concept involves the definition of: areas of security threats to the information system; involved information assets and calculation of their value; assessment of the probability of attacks on the information system; assessment of the probability of success of attacks on the information system and more. Risk assessment methods are proposed that take into account the probability of success of an attack and the probability of an attack occurring, which makes it possible to eliminate the shortcomings inherent in known approaches and provide more accurate identification of attack methods associated with the attacker's behavior. The concept of cybersecurity risk assessment and the methodology for analyzing and assessing security threats that are presented in the work correspond to approaches to building risk-oriented information security management systems and can become the basis for developing an information security system in the information system of a critical infrastructure object.","PeriodicalId":41675,"journal":{"name":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","volume":null,"pages":null},"PeriodicalIF":0.2000,"publicationDate":"2022-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30837/rt.2022.2.209.12","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
引用次数: 0

Abstract

Ensuring cyber and information security for critical infrastructure is achieved through the implementation of an appropriate set of information security management measures, which can be provided in the form of software policies, methods, procedures, organizational structures and functions. Information security requirements are determined, in particular, by systematic risk assessment of information security, which can be one of the elements of the predicted approach to identifying hazards in the provision of services to service participants in the information interaction of the information system. The paper presents conceptual provisions for assessing and managing cybersecurity risks of the critical infrastructure information system. The proposed concept involves the definition of: areas of security threats to the information system; involved information assets and calculation of their value; assessment of the probability of attacks on the information system; assessment of the probability of success of attacks on the information system and more. Risk assessment methods are proposed that take into account the probability of success of an attack and the probability of an attack occurring, which makes it possible to eliminate the shortcomings inherent in known approaches and provide more accurate identification of attack methods associated with the attacker's behavior. The concept of cybersecurity risk assessment and the methodology for analyzing and assessing security threats that are presented in the work correspond to approaches to building risk-oriented information security management systems and can become the basis for developing an information security system in the information system of a critical infrastructure object.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
关键基础设施对象信息系统网络安全风险评估的概念
通过实施一套适当的信息安全管理措施,确保关键基础设施的网络和信息安全,这些措施可以以软件政策、方法、程序、组织结构和功能的形式提供。信息安全需求是通过系统的信息安全风险评估来确定的,这可以是预测方法的一个要素,用于识别在信息系统的信息交互中向服务参与者提供服务时的危害。本文提出了评估和管理关键基础设施信息系统网络安全风险的概念性规定。拟议的概念涉及以下方面的定义:对信息系统构成安全威胁的领域;涉及的信息资产及其价值计算;信息系统遭受攻击的可能性评估;评估信息系统攻击成功的概率等。提出了考虑攻击成功概率和攻击发生概率的风险评估方法,这使得有可能消除已知方法固有的缺点,并提供更准确的识别与攻击者行为相关的攻击方法。工作中提出的网络安全风险评估的概念和分析评估安全威胁的方法与构建面向风险的信息安全管理系统的方法相对应,可以成为关键基础设施对象信息系统中开发信息安全系统的基础。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia
Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia ENGINEERING, ELECTRICAL & ELECTRONIC-
自引率
33.30%
发文量
0
期刊最新文献
Combined heat conductive boards with polyimide dielectrics Synthesis and analysis of the trace detector of air objects of an interrogating radar system Creating a call center test bench for load balancing Asterisk servers in a cluster Current state and development trends of class E oscillators: an overview Experimental studies of a lidar emitter built according to the oscillator-amplifier scheme
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1