Pavel Zaporotskov,Rosreestr for Volgograd Region,

DOI: https://doi.org/10.15688/nbit.jvolsu.2020.4.3

2021-03-01

NBI Technologies

Abstract:Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, the importance of which is growing every year. The problem of information security – the reliable provision of its safety and the established status of use – is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model of audit of the information security system based on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit in “Lama” LLC company. The choice was made to establish the compliance of the organization’s personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem of inter-network shielding and protection of communication channels.

L. Kashirskaya,Yu. Zurnadzh'yanc

DOI: https://doi.org/10.12737/1998-0701-2022-8-1-21-31

2022-02-04

Auditor

Abstract:Th e article is devoted to the study of information security audit objects, which include information stored and processed at the enterprise; information resources on which information is stored; information channels through which information is transmitted; soft ware used to process information; legal and technical documentation on hardware and soft ware and means of physical protection of information, as well as the characteristics of the stages of the audit of such objects. Th e article concludes that in view of the continuous and dynamic development of information objects in companies, there is a need to group such objects and form, on its basis, the main elements of information security audit.

Yuriy Yakymenko,Dmytro Rabchun,Tetyana Muzhanova,Mykhailo Zaporozhchenko,Yurii Shchavinskyі

DOI: https://doi.org/10.28925/2663-4023.2023.20.4561

2023-01-01

Abstract:The content of the audit and vulnerability testing of the information and telecommunication system (ITS) of any enterprise is considered. Based on the results of the information security audit, the overall security of the company's ITS is assessed. It is proposed to assess the security of IT using penetration testing in the following areas: penetration testing from outside and inside the information infrastructure, social engineering testing of the company's personnel and testing for resistance to DDoS attacks; assessment of the security of the mobile application, web resource and wireless networks. The proposed general algorithm for IT infrastructure penetration testing (analysis of vulnerabilities and security of information resources) in the form of stages: initialization, passive and active intelligence, operation and post-exploitation, systematization and presentation of the results of security assessment, risk and vulnerability assessment, recommendations regarding them elimination. In stages all operations are carried out without causing real damage to the ITS. The purpose of a technical audit is shown, which covers the components of the ITS and can be considered as an independent examination or a procedure for their investigation in order to assess the condition and identify reserves. Technical audit as a result of checking the software and technical part of the resource provides an opportunity to form a list of key problems and get comprehensive recommendations for their elimination. It is noted that in accordance with modern requirements, technical audit can be used as an audit in the form of remote technical support, and information security audit can be considered as a variant of technical audit. Conducting an information security audit includes: analysis of risks associated with the possibility of information security threats to resources; assessment of the current level of ITS security; localization of "bottlenecks" in the ITS protection system; assessment of ITS compliance with existing standards in the field of security; providing recommendations on the implementation of new and improving the effectiveness of existing ITS security mechanisms. The content of the detailed report of the technical audit of the enterprise's ITS security has been revealed.

Nataliya Kuznetsova,Tatyana Karlova,Aleksandr Bekmeshov

DOI: https://doi.org/10.30987/2658-6436-2023-3-13-22

2023-09-30

Automation and modeling in design and management

Abstract:The aim of the scientific work is to create a methodology for designing an auxiliary automated management decision making system based on analysing information security level of intellectual resources of a large industrial enterprise. The methodology is based on the principle of comprehensive information security. The article is devoted to solving the problem of creating a convenient auxiliary tool for auditing information security events. The novelty of the work is the proposed creative concept of using the maximum amount of data on information security events to make a management decision (including a personnel management decision). The study results are recommendations for building an auxiliary automated system for auditing and analysing the information security level of intellectual resources of a large industrial enterprise.

L. Budnyk,I. Blazhei,O. Ronska

DOI: https://doi.org/10.33108/galicianvisnyk_tntu2021.04.077

2021-01-01

Abstract:Effective management of the enterprise financial and economic activities is based primarily on the application of a set of relevant and reliable data concerning its financial status, provided by internal audit procedures. The factors arising interest in internal audit, such as: streamlining business processes; the need to obtain independent and objective information on the state of affairs; ensuring the economic security of the company are identified in this paper. In order to substantiate the tasks of internal audit for ensuring the economic security of the enterprise, the main sources of threats and objects of protection investigated in the process of internal audit are defined. It is substantiated that one of the important tendencies in the development of internal audit is the increase of its level from the tester of control procedures to the analyst of the most important risks. The functions of internal audit in ensuring the security of the company are analyzed. They include: assessment of the economic security system as a whole and providing information to the board of directors and senior management; participation in the implementation of the enterprise security process procedures. A new and important direction for internal audit development – audit of corporate culture is defined. The main tasks of internal audit in this area are to assess how effective measures are provided in the company for the purposeful formation of corporate culture; how the existing level of corporate culture is assessed. Recommendations for the organization of internal audit are given, the following three main approaches are highlighted: creation of own internal audit service; use of services of outsourcing companies; co-sourcing – the division of functions for internal audit in the company between its own service and the involvement of external experts in solving certain tasks. It is proved that the need to introduce internal audit meets the requirements of economic security of the enterprise, information and management needs of economic entities, the specific facts of the internal audit. It is substantiated that internal audit is an integral part of quality control of enterprise management processes and a component of general audit, organized in the interests of owners and regulated by regulations on compliance with the established order of economic activity, property protection and economic security.

OLGA MOROZOVA,ARTEM TETSKYI,ANDRII NICHEPORUK,DENUS KRUVAK,VITALII TKACHOV

DOI: https://doi.org/10.31891/csit-2021-5-11

2022-04-14

Computer Systems and Information Technologies

Abstract:The concept of the Internet of Things became the basis of the fourth industrial revolution, which allowed to transfer the processes of automation to a new saber. As a result, automation systems, such as smart homes, healthcare systems and car control systems, have become widespread. The developers of such systems primarily focus their efforts on the functional component, leaving safety issues in the background. However, when designing and operating IoT systems, it is equally important to assess potential bottlenecks and develop complete and comprehensive strategies to mitigate and eliminate the negative effects of cyberattacks. The purpose of this study is to identify possible cyber threats and assess their impact on critical information objects in the smart home system. To achieve this goal, the three-level architecture of the smart home system is considered and a review of known cyber threats for each level is conducted. The critical information objects in the smart home system are the containers in which the information objects are stored, the risk assessment criteria and the cyber threat scenarios. The information security risks of the smart home system were assessed using the OCTAVE Allegro methodology for the information object that presents the information collected by the smart home sensors.

Oleksandr Khrapkin,

DOI: https://doi.org/10.25140/2411-5215-2023-4(36)-86-94

2023-01-01

Abstract:The article deals with the peculiarities of ensuring strategic management of information security of modern enterprises. Nowadays, information security systems are designed to ensure the full function-ing of an enterprise's information infrastructure using various types of information services, automation of financial and production activities, as well as its business processes.The basic provisions of information security are formalized and enshrined in the Information Security Strategy of Ukraine. Other regulatory documents and standards of enterprises must comply with the laws and regulatory framework of Ukraine, international law, industry standards and EU and NATO directives.The article considers the need to form an information security management system, which is caused by the existence of internal and external threats, their destructive consequences for the activities and image of an enterprise. The tasks of information security are analyzed: data confidentiality, integ-rity, availability, ensuring the reliability of information, ensuring the legal significance of information, ensuring the untraceability of user actions. Information security management involves identifying po-tential risks to an enterprise, assessing the potential impact, developing and implementing strategies to eliminate problems designed to minimize risks with the available resources.The main stages of developing an information security policy are identified: complete registration of all information resources that require protection; formation of a list of possible threats to each re-source from the list; assessment of the probability of occurrence of each threat; application of actions for the effective protection of each resource. The basic principles of an information security management system for an enterprise are outlined: ease of use, full control, open architecture, access limits, least privileges, sufficient stability, and minimization of duplication. It is also about storing and processing significant amounts of information of varying degrees of confidentiality, so the issue of protecting im-portant enterprise information data from various internal and external threats is relevant

Olga V. Mamatelashvili,Nafisa M. Kuchukova

DOI: https://doi.org/10.1063/5.0106102

2022-11-02

AIP Conference Proceedings

Abstract:Currently, an effective internal control system is needed to ensure economic security and achieve the company's goals. The purpose of the article is to study the development and transformation of the company's internal control system in the new conditions, the distinctive feature of which is the use of digital tools and platforms. The scientific novelty of this article is determined by the formation of theoretical generalizations and the presentation of practical-oriented recommendations regarding the vector of the modern development of the company's internal control system, taking into account the requirements of the digital economy, from the target position of ensuring sustainable development and economic security. The study hypothesis is based on the statement that the digital transformation of the company's internal control system avoids many risk factors, including those associated with its employees, as well as building a comprehensive system to ensure the company's economic security based on the construction of an effective internal audit and control metamodel as an integral part of the management system. The article considers approaches to the further development of the internal audit and control system, based on the application of international standards and methodologies, taking into account the experience of building control systems in Russia.

O I Bokova,O M Bulgakov,A S Etepnev,E A Rogozin

DOI: https://doi.org/10.1088/1742-6596/1479/1/012022

2020-03-01

Journal of Physics: Conference Series

Abstract:Abstract The article completes the cycle the articles by the authors assessing reliability of information security systems from the unauthorized access to automated systems. In includes previously unpublished materials. The article discloses main directions to improve methods and procedures for assessing reliability of the information security systems from the unauthorized access to automated systems. There is modification of the traditional static method to assess the functional reliability of the information security systems from the unauthorized access to investigate their operation in the dynamic (real) functioning mode and to quantify reliability of the information security systems, including development of adequate indicators, models and algorithms. Main stages and procedures for forming the reliability assessment method were developed as a technological scheme with demonstration of the main stages to implement the proposed methods in the current normative-technical documentation.

A. Bochkarev,E. Malyshev,,

DOI: https://doi.org/10.21209/2227-9245-2022-28-10-91-99

2022-01-01

Transbaikal State University Journal

Abstract:The special importance of ICT in the management of industrial enterprises is manifested in the demand of the management process, in particular in identifying factors that affect the efficiency of economic activity and their assessment. The object of the research is an industrial enterprise as an organizational system. The subject of the research is the methods of improving the information management system of an industrial enterprise. The purpose of the research is to improve the information management system of an industrial enterprise based on the analysis of key parameters of the information support of an industrial enterprise (ISIE) management subsystems. The following tasks have been identified and solved in order to achieve the set research goal: in the process of analyzing scientific approaches to identify the specifics and shortcomings of existing solutions in the areas of information management of industrial enterprises; evaluate the ISIE management system according to the proposed criteria on the basis of the author's DETA matrix systematizing the evaluation factors of the information support management system of an industrial enterprise; to develop a method for assessing the compliance of performance criteria with key parameters of information management subsystems of an industrial enterprise (factors of the organization of the information support system of an industrial enterprise). Research methodology. At the same time, for domestic industrial enterprises, taking into account difficult economic conditions, it is necessary to organize an effective management process in achieving financial, economic and production indicators, which, in turn, raises the responsibility and competence level of functional managers associated with the constant receipt of information coming from both external channels and internal sources. To characterize the modern information environment of an industrial enterprise, we will analyze the use of ICT in the Russian Federation, the Volga Federal District and the Perm Region. In this regard, we consider it relevant and necessary to develop methodological and practical aspects of IOPP in the direction of: development of evaluation tools; application of factor analysis of the organization of the information support of the enterprise; creating a concept and building models of the organization of enterprise processes.

Igor Kotenko,Igor Saenko,Roman Zakharchenko,Dmitry Velichko,,,,

DOI: https://doi.org/10.21681/2311-3456-2023-1-13-27

2023-01-01

Voprosy kiberbezopasnosti

Abstract:The purpose of the article: conducting a system analysis of the requirements for the subsystem for preventing computer attacks on critical information infrastructure in order to substantiate the directions for further improved scientific and methodological apparatus for the full functioning of the subsystem for preventing computer attacks. Research method: theoretical and systematic analysis of the requirements of legal acts, scientific publications, protection technologies and means of their implementation in departmental systems for detecting and counteringcomputer attacks.The result obtained: the rationale for the need to build mechanisms for preventing computer attacks on critical information infrastructure objects and the requirements for the subsystem for preventing computer attacks was carried out, an approach was proposed to prevent computer attacks at the stages of reconnaissance by an attacker of critical information infrastructure objects, based on the introduction of a security event correlation mechanism with automatic adaptation to the analyzed information infrastructure and the functions it performs at the current time and a detailed specification of the correlation rules.Scope of the proposed approach: a subsystem for preventing computer attacks of departmental systems for detecting and countering computer attacks, which should identify and prevent attempts to conduct computer attacks on critical information infrastructure objects in advance.The scientific novelty consists in a comprehensive analysis of the need to build mechanisms for preventing computer attacks on critical information infrastructure objects, an analysis of the requirements for the computer attack prevention subsystem, its functions and means of implementation. It is shown that the functions of preventing computer attacks in domestic technical solutions are not fully implemented, and that there is a substitution of the concept of “subsystem for preventing computer attacks” by the concept of “control and technical measures”. It is substantiated that for the implementation of the functions of preventing computer attacks, there is a technological backlog in the form of a ready-made technology based on the technology for building SIEM systems. It is shown that there is a need to refine the scientific and methodological apparatus for implementing computer warning functions based on artificial intelligence methods and big data technologies.Contribution: Kotenko I.V. - analysis of the functionality of the subsystem for preventing computer attacks, setting the task and proposals for developing the functionality of the subsystem for preventing computer attacks on critical information infrastructure objects; Saenko I.B. - analysis of the subsystem for preventing computer attacks in the general context of the theory of information security, substantiation of the implementation of the functions of preventing computer attacks based on the technology of building SIEM systems and big data; Zakharchenko R.I. - analysis of technical solutions that ensure the implementation of the subsystem for preventing computer attacks, Velichko D.V. - an approach to detecting computer attacks at the stages of reconnaissance by an attacker of objects of critical information infrastructure. All authors participated in the writing of the article.

Oday Jasim Almaliki

DOI: https://doi.org/10.9756/iajafm/v10i1/iajafm1012

2023-06-07

International Academic Journal of Accounting and Financial Management

Abstract:This study aims to investigate the role played by information systems in enhancing the external audit procedures of financial institutions. Presumably, these systems can help improve the quality of audit reports by allowing financial professionals to access and analyze financial information. An online survey using a questionnaire prepared by the researcher was used to collect data for the study. The data was analyzed using statistical analytics software. SPSS24 The results of the study revealed that the availability of appropriate audit information systems (AIS) led to a significant improvement in certain aspects of the quality of the external auditor. According to external auditors, the important function of these systems in improving the quality of procedures is recognized by them. The results show how an automated identification system can help improve the external audit performance of Iraqi SMEs. It also shows that the various applications and elements of an automated identification system can significantly enhance the quality of the procedures used by these companies. These include planning and executing audits, risk assessments, and the use of computer software components. The importance of this study is due to the increasing number of changes in the way internal audit procedures are conducted, such as the use of computerized software. There has been a lack of studies on the role of accounting information systems (AIS) in this process.

Bassam Zahran,Adamu Hussaini,Aisha Ali-Gombe

DOI: https://doi.org/10.48550/arXiv.2302.09426

2023-02-19

Abstract:IoT is undoubtedly considered the future of the Internet. Many sectors are moving towards the use of these devices to aid better monitoring, controlling of the surrounding environment, and manufacturing processes. The Industrial Internet of things is a sub-domain of IoT and serves as enablers of the industry. IIoT is providing valuable services to Industrial Control Systems such as logistics, manufacturing, healthcare, industrial surveillance, and others. Although IIoT service-offering to ICS is tempting, it comes with greater risk. ICS systems are protected by isolation and creating an air-gap to separate their network from the outside world. While IIoT by definition is a device that has connection ability. This creates multiple points of entry to a closed system. In this study, we examine the first automated risk assessment system designed specifically to deal with the automated risk assessment and defining potential threats associated with IT/OT convergence based on OCTAVE Allegro- ISO/IEC 27030 Frameworks.

Cryptography and Security

A. Muratov,S. Khasanov,Оlga Purchina,Аnna Poluyan,Dmitry Fugarov

DOI: https://doi.org/10.1051/e3sconf/202337103066

2023-03-01

E3S Web of Conferences

Abstract:In the age of rapidly developing information technologies, when the process of informatization has long touched almost all aspects of human life, it is impossible to imagine a single company that would not use a computer network for its functioning. And also with the development of the software and hardware infrastructure of companies, security requirements are growing. But business development through the introduction of the Internet only increases the number of threats associated with the availability, integrity and confidentiality of information. The development of antivirus software, intrusion detection and prevention systems does not fundamentally change the statistics on the number of attacks on enterprises. The number and variety of attacks on information systems is growing every year, and financial losses from the introduction of computer viruses and unauthorized access to the system are growing proportionally. Artificial intelligence (AI) is present in all areas of our activities. Whether it is a household area or a commercial one. In this regard, the use of AI in the fields of information security is more often observed, which is a promising area of research. The article describes the ways of possible application of artificial intelligence methods in the field of information protection, and also proposes an algorithm for the system of information protection from abnormal requests. The use of an artificial immune algorithm makes it possible to increase the effectiveness of threat detection by comparison with existing analogues. A distinctive feature of these methods is the ability of these systems to solve multidimensional problems of enormous computational complexity in real time.

M. Shlaifer,Oleh Mykytyn,,

DOI: https://doi.org/10.23939/smeu2022.02.148

2022-12-27

Abstract:The study is aimed at researching ways to improve the information support of the management system using software. The authors determined that automation allows to reduce the time required to perform basic management functions, it is used for calculations and analysis, design, quality control, planning of all operational processes, hiring and accounting of employees, etc. An information system is a combination of technical, software and organizational support, as well as personnel, designed to provide the right people with the right information in a timely manner. To implement the automation system, you need functional software such as an OPS server, a control system service, a database server, a recipe editor, and SCADA. It has been proven that a modern automated management system should combine the maximum possible set of functions for managing all business processes of the enterprise. We determined that for the effective functioning of enterprise services, the following requirements are placed on the quality of information: сomplexity (the information should reflect all aspects of the service in relation to external conditions), promptness (receiving input information must occur simultaneously with the course of the process in the management system or coincide with the moment of its completion), systematicity (the necessary information should be provided as continuously as possible), reliability (information should be formed in the course of fairly accurate measurements). To improve the management information system in the organization, it was proposed to use such programs as AnyLogic, Aris, Business Studio, MS Visio. Their functionality was compared and the best system for automating the management system was determined. It was determined that, in our opinion, the software product Business Studio is the priority as a software tool in the direction of service support, because from the user's point of view it meets the necessary requirements. The advantages of this product are a free demo version, available reference materials and the availability of example models.

Abd Al Rahman M. Abu Ebayyeh,Alireza Mousavi

DOI: https://doi.org/10.1109/access.2020.3029127

IF: 3.9

2020-01-01

IEEE Access

Abstract:Electronics industry is one of the fastest evolving, innovative, and most competitive industries. In order to meet the high consumption demands on electronics components, quality standards of the products must be well-maintained. Automatic optical inspection (AOI) is one of the non-destructive techniques used in quality inspection of various products. This technique is considered robust and can replace human inspectors who are subjected to dull and fatigue in performing inspection tasks. A fully automated optical inspection system consists of hardware and software setups. Hardware setup include image sensor and illumination settings and is responsible to acquire the digital image, while the software part implements an inspection algorithm to extract the features of the acquired images and classify them into defected and non-defected based on the user requirements. A sorting mechanism can be used to separate the defective products from the good ones. This article provides a comprehensive review of the various AOI systems used in electronics, micro-electronics, and opto-electronics industries. In this review the defects of the commonly inspected electronic components, such as semiconductor wafers, flat panel displays, printed circuit boards and light emitting diodes, are first explained. Hardware setups used in acquiring images are then discussed in terms of the camera and lighting source selection and configuration. The inspection algorithms used for detecting the defects in the electronic components are discussed in terms of the preprocessing, feature extraction and classification tools used for this purpose. Recent articles that used deep learning algorithms are also reviewed. The article concludes by highlighting the current trends and possible future research directions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rajasekar Ramalingam,Shimaz Khan,Shameer Mohammed

DOI: https://doi.org/10.48550/arXiv.1602.06510

2016-02-21

Cryptography and Security

Abstract:The revolution of internet technology and its usage have led a significant increase in the number of online transactions and electronic data transfer, parallely increased the number of cybercrime incidents around the world. Steady economic growth in the Sultanate of Oman accelerated the volume of online utilization for e-commerce, banking, communication, education and so forth. Normally attackers target the users who ignore security practices due to the lack of information security awareness. Unawareness of information security practices, user negligence, lack of awareness programs and trainings are the root cause for information security threats. Earlier studies reveal there is a considerable and continuous cybercrime incident in Oman which compromises the security policy of the organizations, affecting the business continuity and the economic growth. In this study, a survey was performed among the educational institutions in Oman to investigate the level of information security awareness and based on the study, a security awareness model is proposed to enable information security practices in the educational institutions.

Junyi Chen

DOI: https://doi.org/10.55267/iadt.07.13907

2023-11-16

Abstract:The industries significantly rely on information technology for effective operations; however, there are hazards like data breaches and system breakdowns. Information system audits are essential to reducing these risks, ensuring quality control, and optimizing the system. These audits evaluate gaps in controls, non-compliance concerns, and vulnerabilities, allowing for the installation of efficient risk mitigation measures. Information system audits are essential for locating and reducing hazards related to an organization's information systems.Vulnerabilities, threats, and control flaws can be found through routine audits, which then allows for the deployment of the necessary controls and risk-reduction measures. Additionally, audits support quality assurance by assessing data reliability, accuracy, and completeness, as well as system performance, regulatory compliance, and industry best practices.The deployment of remedial steps to improve data integrity and system reliability is made possible by their assistance in assisting organizations in identifying gaps and flaws. Information system audits also aid system optimization by revealing details about the functionality and performance of the system.  An extensive evaluation of the literature and case study analysis was used to perform the research.For the analysis of this research, a sequential mixed technique (qualitative and quantitative) study was conducted. Delphi questionnaires were used twice to conduct the study. It encompasses organizations and entities involved in various aspects including but not limited to logistics companies, freight carriers, shipping and distribution firms, public transportation agencies, and supply chain service providers. Data from the semi-structured interviews for the qualitative study were collected via a Delphi survey, and 14 nodes and six themes were then generated.Audits assist organizations in identifying areas for improvement and informing decisions about system upgrades or alterations by analyzing system utilization, response times, resource allocation, and scalability. The results of this study highlight the importance of information system audits in assuring the prosperity, effectiveness, and resilience of businesses engaged in supply chain operations. Organizations can attain a greater level of enterprise risk management, quality assurance, and system optimization, which will improve supply chain operations in general, by managing risks, improving data quality, and optimizing system performance.

Ashutosh Kumar,L. Kavisankar,S. Venkatesan,Manish Kumar,Suneel Yadav,Sandeep Kumar Shukla,Rahamatullah Khondoker

DOI: https://doi.org/10.1007/s10207-024-00930-z

2024-11-07

International Journal of Information Security

Abstract:The Internet of Things (IoT) has the potential to bring unprecedented accessibility and efficiency to a wide range of critical applications and access control services. With the advent of IoT technology, there is a surge in potential threats and challenges that engender the risk of IoT devices interconnected over the Internet infrastructure. The mitigation of potential threats and risks needs a comprehensive analysis of security threats and relevant attack vectors in IoT networks, especially in IoT devices. Auditing is crucial to ensure that all IoT devices in the ecosystem are operating accurately and securely. This research has examined several physical and remote IoT security auditing tools to identify their drawbacks. This paper has also explored possible security threats, audited these threats to prevent them proactively by using the proposed novel seven-layer architecture, and presented expanded security requirements for IoT devices. Even more, we have examined the existing audit tools using an IoT device (IP camera). The analysis has shown that audit features concerning security requirements are missing from the existing audit tools. Our proposed seven-layer IoT device architecture with expanded security requirements has the potential to be a security audit benchmark for all IoT devices at the manufacturing and end-user levels.

computer science, information systems, theory & methods, software engineering

V. M. Akhramovych,

DOI: https://doi.org/10.31673/2412-4338.2021.046277

2021-01-01

Telecommunication and information technologies

Abstract:With the development of digital and information technologies, electronic theft, forgery of documents, etc. began to appear. Criminals have mastered a new space and cause damage, stealing data not only from commercial organizations, for example, Borovikov systems, but also personal files of the average user. The service of protecting information on a PC has already become popular. Users are increasingly becoming aware of the importance of technical security of data stored on electronic devices. Not all users can take care of the security of private files and configure protection on their PC. Therefore, the article is devoted to the issue of quantifying the information security indicator on a computer, depending on the impact on the information structure of various types of internal and external threats (reflects: identification and authentication of users, control of data integrity and authenticity, data backup, delimitation of access to information, Firewall operation (packet filter), audit, antivirus, failures of software and hardware components, speed of information leakage, the effect of the amount of information on their leakage, the effect of information security threats from the loss of trust between users, the effect of the size of the computer system on security, the impact of computer security on information leakage). To solve the specified tasks, a mathematical model of information protection in a PC based on a system of differential equations was developed and solutions were simulated in the MatLab system. Three options for solving the equation near the steady state of the system were considered (a more visual analysis of the system’s behavior was performed, with a transition from the differential form of the equations to a discrete one and modeling of a certain interval of the system’s existence), it was concluded that, based on the conditions of the ratio of dissipation and the natural frequency of fluctuations of the magnitude, damping the latter up to a certain value is carried out periodically, with a decaying amplitude, or according to an exponentially decaying law. Taking into account the impact of the specified parameters on information protection and the possibility of determining a quantitative indicator of protection, PC users will be able to independently assess the impact of each component of threats and make adequate protection decisions.