I. B. Shubinsky,E. N. Rozenberg

DOI: https://doi.org/10.21683/1729-2646-2023-23-3-38-45

2023-08-22

Dependability

Abstract:Aim . The paper aims to solve the problem of objective and confident functional safety (FS) evaluation of intelligent control systems (ICS). As regards ICS, the conventional methods, due to their particular features, do not allow for a sufficiently confident estimation of the actual state of FS. The above features include primarily the nondistinct architecture of ICS and the changing connections between the system elements. Methods . Substantiating ICS FS requires using the complete arsenal of known methods and means recommended in GOST 33432-2015 [1], including managerial measures defined by the requirements for the safety policy, program and case. The authors have analysed the capability to prove ICS FS using experimental, expert, analytical, technological, and simulation-based methods. The limitations of some methods as regards ICS FS substantiation have been established. Results . The authors suggest a heuristic graph-based semi-Markov (Markov) method of proving system FS. For the purpose of substantiating ICS FS, it is recommended using the heuristic graph-based method combined with the technological method defined in GOST R IEC 61508 [2–4]. They don’t only allow confidently evaluating the FS of intelligent systems, but developing recommendations for achieving acceptable safety levels of such systems.

A.G. Andreev,G.V. Kazakov,V.V. Koryanov

DOI: https://doi.org/10.18698/2308-6033-2019-4-1868

2019-01-01

Abstract:Methods for solving the problem of ensuring the reliability of information have been considered in the works of many domestic and foreign scientists. Nevertheless, when performing some tasks of automation of the activity of the personnel of the governing bodies, it may be difficult to calculate the required value of data reliability due to the complexity of the algorithms for calculating the confidence indicator and difficulties in obtaining adequate input data. A new method for assessing the reliability of aircraft flight data is considered on the basis of the special representation of the data preparing process as a serial connection of technological sections in time and calculating the reliability indicators for each element of the technological section and the technological section as a whole. The structure of a typical technological section includes a documentalist, an operator, hardware, software and a procedure for correcting erroneous data detected by the control procedure. The use of such a process model allows obtaining a simple recurrent algorithm for estimating the data reliability index for any technological section using the reliability index values for the previous technology sections. Having determined the probabilities of data distortion and the time of operation performing by elements of the technological section, it is possible to calculate the values of similar indicators for each elementary data preparation process and the system as a whole. An elementary data preparation process, the essence of which is to update the system database is considered as an example. This stage is the most representative one, since all elements of the technological section are involved in its implementation

Pavel Zaporotskov,Rosreestr for Volgograd Region,

DOI: https://doi.org/10.15688/nbit.jvolsu.2020.4.3

2021-03-01

NBI Technologies

Abstract:Information processes, as well as information resources, manage information of varying degrees of importance for the enterprise. In this regard, the protection of such information is one of the most important procedures in the field of state security, the importance of which is growing every year. The problem of information security – the reliable provision of its safety and the established status of use – is one of the most important problems of our time. The paper considers the existing standards in the field of information security audit. The author has developed an innovative model of audit of the information security system based on the comparison of demand measures of order no. 21 of the FSTEC of Russia and ways of implementation in the subsystem of the information system of personal data protection, the recommendations for inspections of specific measures of protection and used technology audit technical means. The developed method is tested on the example of conducting an audit in “Lama” LLC company. The choice was made to establish the compliance of the organization’s personal data protection system with the requirements of order no. 21 of the FSTEC of Russia. Recommendations have been developed to eliminate the existing shortcomings and inconsistencies by re-equipping the anti-virus protection subsystem and the subsystem of inter-network shielding and protection of communication channels.

Nataliya Kuznetsova,Tatyana Karlova,Aleksandr Bekmeshov

DOI: https://doi.org/10.30987/2658-6436-2023-3-13-22

2023-09-30

Automation and modeling in design and management

Abstract:The aim of the scientific work is to create a methodology for designing an auxiliary automated management decision making system based on analysing information security level of intellectual resources of a large industrial enterprise. The methodology is based on the principle of comprehensive information security. The article is devoted to solving the problem of creating a convenient auxiliary tool for auditing information security events. The novelty of the work is the proposed creative concept of using the maximum amount of data on information security events to make a management decision (including a personnel management decision). The study results are recommendations for building an auxiliary automated system for auditing and analysing the information security level of intellectual resources of a large industrial enterprise.

O. Yu. Tsarev,Yu. A. Tsarev

DOI: https://doi.org/10.23947/2687-1653-2023-23-1-26-33

2023-04-17

Advanced Engineering Research

Abstract:Introduction. The article studies the problem of validating the specified levels of reliability during experimental development of a complex technical series system. Such tasks arise when it is required to make a decision on testing the system as part of a larger one or on the completion of experimental development and the start of series production. The study is aimed at validating the reduction of the experimental development time. The task is to determine whether the hypothesis Н о is accepted or rejected. Materials and Methods. To implement the research objective and task, a critical area described by the inequality was constructed based on the test results. The formulation of the requirements validation task was based on well-known approaches to testing statistical hypotheses. The conceptual apparatus of information theory, probability, and statistics was involved. The theoretical and applied literature on mathematical methods in reliability theory was studied. The particular tasks of the work were solved by known ways. Thus, the probability of obtaining the exact number of successful outcomes in a certain number of experiments was determined by the Bernoulli scheme. The exact confidence interval based on the binomial distribution was derived from the Clopper-Pearson relation. The theorem of A.D. Solovyov and R. A. Mirny made it possible to assess the system reliability based on the test results of its components. Results. Control rules adequate to the stage of experimental development (with insufficient data on the technical system) and the stage of series production were mathematically defined. The probability of a successful outcome when testing technical systems was represented by: – the probability of event for a system element; – confidence value; – required scope of tests. In these terms, the null and alternative hypotheses and the corresponding reliability control procedures were investigated. Two provisions were considered. The first one provided using the null confidence hypothesis Н о = { Р ≥ Р Т } and an alternative Н = { Р < Р Т } to confirm the requirements ( Р Т , γ) for the reliability indicator of one parameter for any ( Р Т , γ). In this case, one trouble-free test was enough. The second provision considered a sequential technical system with independent elements that were tested separately from the system according to the Bernoulli scheme for one parameter. We considered the requirements for the system in the form of a set of values ( Р Т , γ) and the requirements for any of its elements ( Р Т i , γ). They coincided when the planned outcome of the tests corresponded to the cases when the ratio Р = lim 1≤ i ≤ N : Р i = Р m was fulfilled, and the null alternative hypothesis was selected from the theory of statistical hypothesis testing. Discussion and Conclusions. The experimental development strategy should be implemented in two stages: the search and validation of the reliability of the elements through a series of fail-safe tests. In this case, the planned scope of tests of each element is determined taking into account the confidence probability, the lower limit of the confidence interval, and the requirements for reliability indices of one parameter of the technical system. If the use of the null confidence hypothesis is acceptable, one fail-safe test is sufficient to confirm the requirements for the reliability index.

English Else

O.A. Voskresenskaya,N.M. Sladkova,,

DOI: https://doi.org/10.34022/2658-3712-2021-45-4-121-129

2021-01-01

Social@labor researches

Abstract:Among the factors affecting the level of digitalization and information security of public services in the Russian Federation, the training level of civil servants in this area has a special place. The object of this paper is the activities of government agencies on the assessment and development of information security competencies of civil servants. The authors apply a competencybased approach to determine the effectiveness of information security in government agencies and focus on monitoring the state of work on assessing and developing competencies in the field of information security of civil servants. The purpose of the study is to develop tools and methods for monitoring the effectiveness of personnel to ensure information security in public services. The methodological base of the study includes the analysis of the regulatory framework, scientific literature in the field of the best domestic and foreign practices, data obtained on the basis of surveys of government representatives. The research results: indicators and methods for assessing the maturity of the work of state bodies on the assessment and development of competencies in the field of information security of civil servants are proposed; the findings of the study on information security level in a number of instances are presented, the most frequent incidents related to ensuring information security by civil servants are given, the relationship between the maturity of information security processes and the level of competence of civil servants in this area is shown. The results of the study may be used in the activities of HR and IT-services, information security divisions of public services, as well as by federal and regional authorities responsible for the development and implementation of state policy in legal regulation on information security in the public civil service. Provided the information security is one of the basic qualification requirements, the prospect of solving problems in this area is seen in the automation of monitoring processes based on the federal unified information system for personnel management of the civil service of Russia.

Vitalii Gaievskyi

DOI: https://doi.org/10.18664/1994-7852.204.2023.284024

2023-06-21

Collection of scientific works of the Ukrainian State University of Railway Transport

Abstract:The article examines the issues of improving the methodology for identification and assessment of the limits of existing risks of technical operation and maintenance of automated railway transport control systems, determining and classifying the level of severity of the consequences of failures for the further selection of appropriate risk management methods that will be applied in the development of innovative control systems of railway infrastructure transport. To resolve the issue, it is proposed to consider the effects of external factors and means of the system itself, which are designed to reduce risk in order to comply with a given level of functional safety using a risk-oriented approach. The main functions of risk are defined: protective, analytical, innovative, regulatory. The risk management process is based on the results of risk identification and assessment in order to reduce the consequences of dangerous factors and threats, based on the results of which a structural block diagram of the process was built using the principle "as low as reasonably achievable" (ALARP). 9 stages of risk management are defined: - risk assessment of potential consequences; - decision-making regarding risk and its acceptability; - development of measures to eliminate risks or reduce them to the lowest acceptable level; - determination of risk probabilities and completion of the table of risk probabilities - categories of the probability of occurrence of dangerous factors or threats; - assessment of the severity of their consequences and completion of the risk severity table with the definition of the severity category of the consequences of dangerous factors; - determination and classification of the level of severity of the consequences of train traffic control system failures; - assessment of risk acceptability using the risk assessment matrix and determination of risk acceptability indices; - risk assessment and decision-making regarding the acceptability or unacceptability of risks. - making a decision about the need to control the assessed risk. According to the results of the study, taking into account simplifications and assumptions, it was determined that the most vulnerable elements of the control system and timely and high-quality maintenance require identification and assessment of risks. That is, using statistical data on the failure of technical equipment on the one hand and statistical data on their technical maintenance, it is possible to calculate and assess risk levels and determine and classify the level of severity of the consequences of failures and the degree of their acceptability using quantitative and qualitative methods. The obtained results will be applied to the selection of appropriate risk management methods and further improvement of automated management systems by expanding their capabilities and providing them with additional functions.

Alexander Barabanov,Maxim Grishin,Alexey Markov

DOI: https://doi.org/10.48550/arXiv.1306.1955

2013-06-08

Cryptography and Security

Abstract:An approach to the development of security test procedures for information security controls is presented. The recommendations for optimizing the test procedure are obtained

L. A. Kleiman,V. I. Freyman

DOI: https://doi.org/10.15588/1607-3274-2021-1-16

2021-03-30

Abstract:Context. In the modern world, information management systems have become widespread. This make it possible to automate the technological processes of enterprises of various sizes. Many information management systems include wireless and autonomous elements. Autonomy, in this case, means the ability of the system elements to function for a certain time without additional energy supply. In this regard, such a parameter of operational reliability as the battery life of a system element becomes one of the most important. One of the main tools for improving the reliability and fault tolerance of information management system elements – is the use of a modern diagnostic system. Objective. The aim of the work is to develop a method for increasing the reliability of the functioning of autonomous elements of information management systems. It includes the creation of a model of an information management system and an algorithm for reasonable redistribution of diagnostic functions, as well as a software implementation of the developed algorithm, which confirms its higher reliability indicators in comparison with other algorithms. Methods. The basic model was the Preparata-Metz-Chen model. On its basis, a new model of the system was built, including the structural and logical description of the elements and the determination of the way of their interaction. The elements were classified by the degree of criticality of the functions performed in the system. On the basis of the developed model and description of the elements, an algorithm was developed for the reasonable redistribution of the diagnostic load, which made it possible to reduce the average energy consumption of the elements and thereby improve the reliability indicators. A software implementation of the developed algorithm was created, which allows to numerically evaluate its advantages. The developed and existing algorithms were compared. Results. A model of information management system has been developed. In such a system, it is proposed to use an integrated test diagnostics system. This diagnostic system implements algorithms for redistributing the diagnostic load. To determine the importance of the characteristics taken into account, a linear criterion was chosen, as the most studied and fastest in application. A software model, that implements the developed algorithm and makes it possible to compare it with existing algorithms, has been developed. A study of the software model with various parameters was carried out and, based on the results of the software simulation, conclusions were drawn about the possibilities of improving the algorithm and directions for further scientific research were formulated. Conclusions. The usage of the developed algorithm makes it possible to increase such a characteristic of the reliability of the elements of the information and control system as the mean time of failure-free operation (mean time between failures) by increasing the operating time of autonomous elements without recharging. When carrying out software modeling of the developed and existing algorithms, the advantages of the first were confirmed, and theoretical possibilities for its improvement were formulated.

Anton Petrov,Elena Popova,Alexander Petrov

DOI: https://doi.org/10.48550/arXiv.2003.02590

2020-03-05

Software Engineering

Abstract:Obviously, the dynamism of software reliability research has speeded up significantly in the last period, and we can state the fact that its intensity is approaching, and in some cases is ahead of the information systems hardware reliability research intensity. Reliability of software is much more important than its other characteristics, such as runtime, and although the absolute reliability of modern software is apparently unattainable, there is still no generally accepted measure of reliability of computer programs. The article analyzes the reasons for the situation and offers an approach to solving the problem. The article touches upon the issue of general characteristics of information systems software life cycle. Considered software application reliability questions and use of fail-safe ensuring programming. Also presented basic types of so-called virus programs that lead to abnormal functioning of information systems. Much attention is given to presenting some known models used for software debugging and operating. So, this review paper consists of four sections: information systems software process creation, reliability of information systems software, using of fail-safe programs and estimation of software reliability according the results of adjusting and normal operation.

Nikolay Sidnyaev,Elizaveta Sineva,,

DOI: https://doi.org/10.21681/2311-3456-2023-2-23-35

2023-01-01

Voprosy kiberbezopasnosti

Abstract:The purpose of the research is to develop the concept of systematization of the knowledge base and solving problems of information cybersecurity of systems and when making search decisions based on the construction of a structured semantic content model of terms of a scientific and theoretical nature describing complex active systems. Research methods: statistical analysis, hypothesis testing methods, machine learning methods, reliability models, evaluation type models used in testing reliability indicators, parameters of behavioral systems. The result obtained: The result obtained: experimental results of the application of reliability evaluation models and consent criteria to different sizes of knowledge bases are discussed and the evaluation of the results of measuring the reliability index on these components, taking into account the failure rate, is given. The description of generalized algorithms for the functioning of evaluation and forecasting components, as well as their applicability to solving problems in the field of information security, is given. A general model of a spatial network is proposed, within the framework of which the subject carries out risk management by effectively, in one sense or another, distributing the homogeneous resource at his disposal between its nodes. For the implementation of decision-making, more optimistic criteria than the minimax criterion are recommended. Scientific novelty: consists in the development of mathematical models to maintain the logical and physical integrity of the knowledge bases of cybersystems using the desirability function and consent criteria. The basic requirements for ensuring reliable behavior and operability of an information system using oriented databases are highlighted and described. It is postulated that the best information system reliability is achieved through the use of automated monitoring systems using knowledge bases for continuous monitoring and periodic analysis of cybersystem objects with tracking the dynamics of changes in the event space.

Muratzhan B. Shakirov,Igor N. Karmanov

DOI: https://doi.org/10.33764/2618-981x-2020-6-2-146-151

2020-07-08

Abstract:Automated systems play a key role in supporting business processes of commercial and state enterprises. The widespread use of automated information systems for storing, processing and transmitting information makes the issues of their protection relevant, especially given the global trend towards an increase in the number of information attacks, leading to significant financial and material losses. The article demonstrates the importance of conducting an audit in the field of information security of optoelectronic instrumentation. The article discusses the stages and rules of conducting an information security audit, as well as the criteria for evaluating its results. Information security audit is one of the most efficient tools for obtaining an independent and objective assessment of the current level of enterprise security from information security threats. In addition, the audit results provide the basis for forming a development strategy for the organization’s information security system.

N. Limanova,A. Anashkin

DOI: https://doi.org/10.33619/2414-2948/87/27

2023-02-15

Bulletin of Science and Practice

Abstract:The relevance of the work lies in the fact that the pace of development of the field of information security does not correspond to progress in the development of data processing methods, resulting in a serious lack of practical knowledge of the subject area, which prevents the creation of conditions for secure recording, processing and storage of data. In the process of writing the article, modern methods and principles of ensuring information security, including a mandatory approach, were studied, and a brief description of software products supporting this approach was given. The mandatory method of information protection implies granting access rights to certain actions in accordance with the user’s status. Such actions can be, for example, writing, reading and changing data. Examples of user statuses are ‘administrator’ and ‘reader’, where the administrator, as a rule, is provided with the entire list of available actions, and the reader is provided with only a minimum, sufficient for familiarization activities. In its architecture, the mandatory approach often contains tools for conducting cluster analysis. Cluster analysis can be used both to carry out work on risk analysis and assessment, and to determine the degree of protection of an object. In any case, when building a cluster, it should be taken into account that some levels of protection may be represented by more objects than others. There are software products on the information security market that allow the use of a mandatory method of ensuring information security. One of the striking examples is the PostgreSQL database management system, which has an apparatus of labels assigned according to the user’s level of rights: the higher the level of rights, the higher the access level.

Yurii Kharazishvili,Aleksy Kwilinski

DOI: https://doi.org/10.34021/ve.2022.05.04(1)

2022-12-30

Virtual Economics

Abstract:Applying artificial intelligence methods, the paper frames the algorithm structure and software for the formalized determination of the type of distribution (automatic classification) of the probability density function and the vector of limit values by justifying theoretically security gradations and determining quantitatively security indicators. The methodological basis of the research is the applied systems theory, statistical analysis, and methods of artificial intelligence (cluster analysis). The study of the approaches applied showed the absence of a theoretical basis for determining security gradations and the absence of their theoretical quantitative justification. The theoretical basis for determining security gradations is the concept of an extended "homeostatic plateau", which connects three levels of security in both directions: optimal, crisis, and critical with spheres of positive, neutral and negative feedback. To determine the bifurcation points (vector of limit values), the “t-criterion” method is used, which consists in constructing the probability density function of a “benchmark” sample, determining whether it belongs to the type of distribution with the calculation of statistical characteristics (mathematical expectation, mean square deviation, and asymmetry coefficient) and formalized calculation of the vector of limit values for characteristic types of distribution (normal, lognormal, exponential). To solve the problem of recognising (automatic classifying) the type of distribution of probability density functions of security indicators, artificial intelligence methods are used, namely, a discriminant method from the class of cluster analysis methods using quantitative and qualitative metrics: Euclidean distance, Manhattan metric and recognition by characteristic features. To digitize the determination of the vector of safety indicators limit values, an algorithm structure and software in the C++ programming language (version 6) have been developed, which ensures full automation of all stages of the algorithm and the adequacy of recognising graphic digital data with a predetermined number of clusters (types of distribution). A distinctive feature of the proposed method of formalized determination of the security indicators limit values is a complete absence of subjectivity and complete mathematical formalization, which significantly increases the speed, quality and reliability of the results obtained when evaluating the level of sustainable development, economic security, national security or national stability, regardless of the level of a researcher's qualification.

Yu.S. Tverskoy,I.A. Kolesov,A.V. Golubev,I.K. Muravyov,J.A. Gaidina,,,,,

DOI: https://doi.org/10.17588/2072-2672.2022.3.045-056

2022-06-30

Vestnik IGEU

Abstract:Modern production machinery is equipped with multifunctional automated process control systems (APCS) based on software and hardware complexes (SHC) of a network hierarchical structure. The experience of designing and operating multifunctional process control systems proves that the efficiency of the systems being developed significantly depends on the array of problems at different stages of the technology design and system modernization. It is to be developed, both at the fundamental level of local automatic control systems and at a higher level of hierarchical system structure. At the same time, special attention is paid to the software failure, which is fixed, as a rule, by periodically updating all the content. For process control systems, such an approach under the operation conditions of power equipment is unacceptable. In this regard, the effectivity problems of complex systems are to be classified in terms of technological process factors, the theory of automatic control and instrumental factors associated with the proper software implementation. As a theoretical basis to solve the problem of information sufficiency and synthesis of structurally stable systems, the methods of potentials and coordinates of the thermodynamics of irreversible processes are used. The testing method is applied as a tool to analyze and diagnose software and hardware tools. The authors have defined three groups of factors: system, controller and local. The task to analyze the conformity of information and algorithmic support means to expert and verify the absence of defects in the software of a multifunctional system and the fulfillment of the declared requirements. The automated testing system is a unified environment to analyze the execution of test scenarios. It provides continuous validation and verification of the information and algorithmic support of the SHC. In particular, a methodology has been developed to carry out resource tests of the software and hardware complex and checking the operation of the mechanisms for backing up, synchronizing, and replacing its components by simulating failures in the processor modules, hardware and software components. A set of methodological factors has been defined to develop advanced software and hardware systems for process control systems. It significantly affects the adequacy of the information and algorithmic support of a complex system. A technology of automated testing of software and hardware tools of the SHC has been developed. Methods to solve interdisciplinary problems are generalized. The authors recommend solving the problems at the earlier stages of a complex system design. The proposed technology to develop and diagnose automatically software and hardware of the SHC by implementing a single environment to study, compare and detect the defects of the SHC software throughout the entire life cycle of the process control system allows you to identify and eliminate the mutual negative influence of the SHC components both at the development stage and at the stage of the subsequent system organization, including solving the problem of information security at the stage of system installation and operation. The developed approach to solve complex interdisciplinary problems that require solution at the early stages of designing complex systems makes it possible to avoid fundamentally erroneous decisions and increase the competitiveness of the SHC as a systemically important APCS complex at the time of installation.

Marina E. Tsibareva

DOI: https://doi.org/10.18287/2542-0461-2023-14-4-134-140

2024-01-23

Abstract:The rapidly developing information technology industry, in the conditions of withdrawal from the Russian market of well-known IT brands such as Intel, IBM, Avast and others, faced the problem of a shortage of qualified specialists, investments, equipment and software. In conditions of limited resources, IT companies must offer domestic organizations new software that can fully replace foreign analogues. As part of import substitution, ensuring technological independence and security of Russia's critical information infrastructure (CII), regulatory legal acts were signed, according to which organizations, including state and departmental ones, are obliged to switch to using Russian software (software), including at CII facilities. To solve this problem, it is necessary to provide the IT industry with qualified specialists, the need for whom is growing not only quantitatively, but also professionally. The personnel shortage in the IT sector undermines the economic security of companies and can bring to naught all the efforts of the leadership to resist foreign information technologies. This circumstance determined the topic of the study – to assess the personnel component of the economic security of IT companies in Russia in order to identify problems and ways of developing the IT industry. The components of the personnel component of economic security (hereinafter referred to as personnel security) are defined: intellectual (number of trained); personnel efficiency; dynamics and movement of personnel; physical safety; staff motivation. The most vulnerable components were: labor efficiency; physical safety. The analysis of these components made it possible to identify areas for ensuring personnel security, including: increasing the responsibility of employees for disclosing information; informing employees about cyber defense measures; training (including trainings) of employees to improve their skills; early education and training of young people for the implementation of creative and innovative initiatives in the IT field.

M. Shlaifer,Oleh Mykytyn,,

DOI: https://doi.org/10.23939/smeu2022.02.148

2022-12-27

Abstract:The study is aimed at researching ways to improve the information support of the management system using software. The authors determined that automation allows to reduce the time required to perform basic management functions, it is used for calculations and analysis, design, quality control, planning of all operational processes, hiring and accounting of employees, etc. An information system is a combination of technical, software and organizational support, as well as personnel, designed to provide the right people with the right information in a timely manner. To implement the automation system, you need functional software such as an OPS server, a control system service, a database server, a recipe editor, and SCADA. It has been proven that a modern automated management system should combine the maximum possible set of functions for managing all business processes of the enterprise. We determined that for the effective functioning of enterprise services, the following requirements are placed on the quality of information: сomplexity (the information should reflect all aspects of the service in relation to external conditions), promptness (receiving input information must occur simultaneously with the course of the process in the management system or coincide with the moment of its completion), systematicity (the necessary information should be provided as continuously as possible), reliability (information should be formed in the course of fairly accurate measurements). To improve the management information system in the organization, it was proposed to use such programs as AnyLogic, Aris, Business Studio, MS Visio. Their functionality was compared and the best system for automating the management system was determined. It was determined that, in our opinion, the software product Business Studio is the priority as a software tool in the direction of service support, because from the user's point of view it meets the necessary requirements. The advantages of this product are a free demo version, available reference materials and the availability of example models.

Anastasia Kalita,Marina Ozhiganova,Evgeny Tishchenko

DOI: https://doi.org/10.15688/nbit.jvolsu.2019.1.2

2019-08-01

NBI Technologies

Abstract:Over the past few decades, there has been a tendency to minimize the participation of the human factor in various production and other processes. This process is implemented through the mass introduction of automated systems. Man-machine complexes are currently the most common and productive model of activity. At the current stage of technology development, the process of human activity automation is only an intermediate link on the way to excluding human intervention. This direction is the most relevant for systems that have a potential and real threat to human health and life (for example, manufacturing plants) or systems that are threatened by a person (for example, transport systems). The second group includes the sphere of information security. There is a need to move to the next level of excluding the human factor – introducing adaptive systems that will transfer the process of information protection in a completely different plane. The organization of adaptive information security systems is based on applying existing methods of adaptation from other areas of scientific knowledge in relation to information security issues. Features of such application of the generalized principles of adaptation reflect the specifics of the subject area without violating generally accepted norms. This article discusses the general principles of adaptive systems. It investigates the existing approaches to the organization of adaptive information security systems as well.

L. Kashirskaya,Yu. Zurnadzh'yanc

DOI: https://doi.org/10.12737/1998-0701-2022-8-1-21-31

2022-02-04

Auditor

Abstract:Th e article is devoted to the study of information security audit objects, which include information stored and processed at the enterprise; information resources on which information is stored; information channels through which information is transmitted; soft ware used to process information; legal and technical documentation on hardware and soft ware and means of physical protection of information, as well as the characteristics of the stages of the audit of such objects. Th e article concludes that in view of the continuous and dynamic development of information objects in companies, there is a need to group such objects and form, on its basis, the main elements of information security audit.

M. V. Romanova,E. V. Chernova

DOI: https://doi.org/10.21686/1818-4243-2022-2-14-24

2022-04-29

Open Education

Abstract:The purpose of the study is to substantiate and test an interactive methodology that involves the active interaction of a high school student - a moderator and schoolchildren in the process of developing their competencies in the field of information security, allowing them to successfully socialize in the information environment. The relevance of this problem is due, on the one hand, to the process of informatization of all spheres of society’s life and the demand in this regard for the subjects of society who have both knowledge in the field of information security and the ability to ensure their own technological, ideological and psychological security and, on this basis, objectively analyze and evaluate information coming to them, taking into account the threats contained in it. On the other hand, the need for practice in the methodological support of the process of teaching schoolchildren the basics of security on the Internet and the insufficient development of this issue in pedagogical science. Materials and methods . To achieve this goal, we used a systematic approach to create a model of an interactive methodology for teaching schoolchildren the basics of information security, an activity approach that allows us to activate the process of interaction between subjects of cognitive activity and the possibility of increasing its effectiveness based on gamification. The following methods were used in the work: analysis of pedagogical, psychological, scientific, technical and methodological literature on the research problem, systematization, generalization, experiment, questioning, testing, survey, diagnostic methods (methods of Internet addiction by S.Kulikov and Kimberly-Young in adapted by S. Loskutova), and methods of mathematical statistics and visual presentation of results. The experiment involved 66 schoolchildren from the fifth to the ninth grades and five high school students as moderators of school No. 28 in Magnitogorsk. Results . As part of the study, an interactive methodology for teaching schoolchildren the basics of Internet security was developed and tested, implemented as part of extracurricular activities based on the author’s program, developed on the spiral principle of presenting the content of training, interaction between a teacher, a high school student - moderator and schoolchildren on the principle of mentoring, using gamification. The game scenario developed by us on the principles of gradual complication of situational tasks depending on the age of schoolchildren (gamification mechanics), cooperation (gamification dynamics) and motivation (gamification components) is implemented as a mobile application with elements of additional reality. Within the framework of this methodology, senior students act as mentors for students of middle school age. The study of the opinions of schoolchildren indicates that they are satisfied with the process and the result of education. Conclusion . The proposed interactive methodology for teaching schoolchildren the basics of security on the Internet, combining elements of traditional and e-learning as part of extracurricular activities, ensures the involvement of school-children in the educational process based on the development of external and internal motivation, increases the productivity of their cognitive activity, eliminates formalism in interactive interaction and allows effective implement monitoring and evaluation of learning outcomes.