Justification Models of Organizational and Technical Support of Measures to Create Information Protection System of Informatization Objects
- Authors: Avsentyev O.S.1, Butov V.V.1, Valde A.G.2
-
Affiliations:
- Voronezh Institute of the Ministry of the Interior of the Russian Federation
- Ministry Department of Internal Affairs of Russia in the Amur Region
- Issue: Vol 10, No 5 (2024)
- Pages: 93-108
- Section: INFORMATION TECHNOLOGIES AND TELECOMMUNICATION
- URL: https://ogarev-online.ru/1813-324X/article/view/270436
- EDN: https://elibrary.ru/AKWAWD
- ID: 270436
Cite item
Full Text
Abstract
The relevance of the article is due to the need to protect information at all stages of creating an information system in the absence of appropriate organizational and technical support. To justify this kind of provision, mathematical models are needed that take into account the conditions and the random nature of the implementation of heterogeneous information processing processes in time at each stage, threats to its security and protection from these threats. The article discusses approaches to the development of such models based on the apparatus of flow theory and the theory of composite Petri ‒Markov networks, the possibilities of which for modeling the processes under study have not been previously considered. The purpose of the article. To reveal the content of issues related to the justification of organizational and technical support for information protection at the stages of creating an information system, to show the need and ways to quantify threats to its security and protection from these threats. For this purpose, the methods of functional and structural analysis, probability theory and flow theory were applied. In the course of solving the scientific problem, the relevance of substantiating the organizational and technical support of information protection at the stages of creating information systems is shown, descriptive models of its processing processes are developed, time diagrams of threat scenarios are given in the absence of protection measures and in the conditions of using preventive organizational and technical measures, indicators and analytical ratios for their calculation are proposed. The scientific novelty of the article consists in the fact that for the first time it examines the issues of organizational and technical support for information protection at the stages of creating an information system, examines the theoretical aspects of quantifying threats to its security and protection from these threats based on flow theory and prospects for applying the theory of composite Petri-Markov networks. Significance (theoretical). The conditions for the implementation of the studied processes and the possibility of applying the theory of flows and the apparatus of composite Petri–Markov networks for their modeling are established. Significance (practical). The results obtained in the work can be used to justify the organizational and technical provision of information protection at the stages of creating information systems of various organizations (both state and non-state), for which the implementation of threats at these stages may lead to damage to their activities.
About the authors
O. S. Avsentyev
Voronezh Institute of the Ministry of the Interior of the Russian Federation
Email: osaos@mail.ru
SPIN-code: 7457-6728
V. V. Butov
Voronezh Institute of the Ministry of the Interior of the Russian Federation
Email: butov18@mail.ru
SPIN-code: 6574-5546
A. G. Valde
Ministry Department of Internal Affairs of Russia in the Amur Region
Email: avalde@mvd.ru
SPIN-code: 4747-6319
References
- ГОСТ 34.601-90. Информационная технология. Комплекс стандартов на автоматизированные системы. Автоматизированные системы. Стадии создания. М.: Стандартинформ, 2009.
- Avsentiev O.S., Valde A.G., Konkin Yu.V. Ensuring the Protection of Information in the Process of Creating an Information System of an Informatization Object // Chemistry and Technology of Fuels and Oils. 2021. № 3. P. 36.
- ГОСТ Р 50922-2006. Защита информации. Основные термины и определения. М.: Стандартинформ, 2007.
- Авсентьев О.С., Вальде А.Г. К вопросу о формировании системы защиты информации от утечки по техническим каналам, возникающим за счет побочных электромагнитных излучений объектов информатизации // Вестник Воронежского института МВД России. 2021. № 2. С. 22‒33. EDN:VNLGMX
- Язов Ю.К., Авсентьев О.С., Авсентьев А.О., Рубцова И.О. Метод оценивания эффективности защиты электронного документооборота с применением аппарата сетей Петри – Маркова // Труды СПИИРАН. 2019. Т. 18. № 6. С. 1269‒1300. doi: 10.15622/sp.2019.18.6.1269-1300. EDN:FBTRZZ
- Avsentiev O.S., Avsentiev A.O., Krugov A.G., Yazov Yu.K. Simulation of processes for protecting voice information objects against leakage through the spurious electromagnetic radiation channels using the Petri ‒ Markov nets // Journal of Computational and Engineering Mathematics. 2021. Vol. 8. Iss. 2. PP. 3‒24. doi: 10.14529/jcem210201. EDN:VOKXXO
- Язов Ю.К., Анищенко А.В. Сети Петри-Маркова и их применение для моделирования процессов реализации угроз безопасности информации в информационных системах. Монография. Воронеж: Кварта, 2020. 173 с.
- Язов Ю.К., Анищенко А.В., Суховерхов А.С. Основы теории составных сетей Петри-Маркова и их применения для моделирования процессов реализации угроз безопасности информации в информационных системах. Монография. СПб.: Сциентиа, 2024. 196 с. doi: 10.32415/scientia_978-5-6052111-2-9. EDN:CGTNTU
- ГОСТ Р 51583-2014. Защита информации. Порядок создания автоматизированных систем в защищенном исполнении. Общие положения. М.: Стандартинформ, 2014.
- Язов Ю.К., Соловьев С.В. Методология оценки эффективности защиты информации в информационных системах от несанкционированного доступа. Монография. СПб.: Наукоемкие технологии, 2023. 258 с. EDN:WVCHKW
- Меньшаков Ю.К. Теоретические основы технических разведок: учебное пособие. Под ред. Ю.Н. Лаврухина. М.: Изд-во МГТУ им. Н.Э. Баумана, 2008. 536 с.
Supplementary files
