Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies
Objective. A characteristic feature of the current stage of development of the sphere of informatization of internal affairs bodies (OVD) is a significant increase in the volume and variety of types of service information of limited distribution, stored, processed and transmitted in automated system...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | Russian |
| Published: |
Dagestan State Technical University
2022-11-01
|
| Series: | Вестник Дагестанского государственного технического университета: Технические науки |
| Subjects: | |
| Online Access: | https://vestnik.dgtu.ru/jour/article/view/1126 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850024394711105536 |
|---|---|
| author | T. V. Meshcheryakova E. A. Rogozin A. O. Efimov V. R. Romanova S. A. Konovalenko |
| author_facet | T. V. Meshcheryakova E. A. Rogozin A. O. Efimov V. R. Romanova S. A. Konovalenko |
| author_sort | T. V. Meshcheryakova |
| collection | DOAJ |
| description | Objective. A characteristic feature of the current stage of development of the sphere of informatization of internal affairs bodies (OVD) is a significant increase in the volume and variety of types of service information of limited distribution, stored, processed and transmitted in automated systems (AS). This gives rise to the emergence of a large number and expansion of the range of threats to information security, primarily threats associated with unauthorized access (UAS) to the information resource of the ATS AS, and necessitates the improvement of existing methods to combat this type of crime in order to ensure the information security of objects of informatization of ATS. To obtain information that allows assessing the degree of threats, it is necessary to conduct a quantitative risk assessment.Method. The method for assessing the risks of implementing threats of unauthorized access to the information resource of the ATS AS and obtaining data in a quantitative representation is based on the use of mathematical modeling methods. The advantage of a quantitative assessment compared to a qualitative assessment is the ability to compare risks with the final result, which can be represented in monetary terms, and further use in assessing the likelihood of information threats and calculating the damage caused.Result. A methodical approach to the quantitative assessment of the risks of the implementation of UA threats to the information resource of the ATS AS is proposed, which makes it possible to assess the level of security of service information.Conclusion. The proposed methodological approach to quantitative assessment of the risks of the implementation of UA threats to the information resource of the ATS AS provides a visual representation in monetary terms of the objects of assessment (damage, costs). These calculations can be used to justify the requirements for the level of security of ATS ASs during their development and operation. |
| format | Article |
| id | doaj-art-cc8e8320180440b0a4f74b38bad96fce |
| institution | DOAJ |
| issn | 2073-6185 2542-095X |
| language | Russian |
| publishDate | 2022-11-01 |
| publisher | Dagestan State Technical University |
| record_format | Article |
| series | Вестник Дагестанского государственного технического университета: Технические науки |
| spelling | doaj-art-cc8e8320180440b0a4f74b38bad96fce2025-08-20T03:01:07ZrusDagestan State Technical UniversityВестник Дагестанского государственного технического университета: Технические науки2073-61852542-095X2022-11-014939110310.21822/2073-6185-2022-49-3-91-103722Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodiesT. V. Meshcheryakova0E. A. Rogozin1A. O. Efimov2V. R. Romanova3S. A. Konovalenko4Voronezh Institute of the Ministry of Internal Affairs of RussiaVoronezh Institute of the Ministry of Internal Affairs of RussiaVoronezh Institute of the Ministry of Internal Affairs of RussiaVoronezh Institute of the Ministry of Internal Affairs of RussiaGeneral of the Army S.M. Shtemenko Krasnodar Higher Military SchoolObjective. A characteristic feature of the current stage of development of the sphere of informatization of internal affairs bodies (OVD) is a significant increase in the volume and variety of types of service information of limited distribution, stored, processed and transmitted in automated systems (AS). This gives rise to the emergence of a large number and expansion of the range of threats to information security, primarily threats associated with unauthorized access (UAS) to the information resource of the ATS AS, and necessitates the improvement of existing methods to combat this type of crime in order to ensure the information security of objects of informatization of ATS. To obtain information that allows assessing the degree of threats, it is necessary to conduct a quantitative risk assessment.Method. The method for assessing the risks of implementing threats of unauthorized access to the information resource of the ATS AS and obtaining data in a quantitative representation is based on the use of mathematical modeling methods. The advantage of a quantitative assessment compared to a qualitative assessment is the ability to compare risks with the final result, which can be represented in monetary terms, and further use in assessing the likelihood of information threats and calculating the damage caused.Result. A methodical approach to the quantitative assessment of the risks of the implementation of UA threats to the information resource of the ATS AS is proposed, which makes it possible to assess the level of security of service information.Conclusion. The proposed methodological approach to quantitative assessment of the risks of the implementation of UA threats to the information resource of the ATS AS provides a visual representation in monetary terms of the objects of assessment (damage, costs). These calculations can be used to justify the requirements for the level of security of ATS ASs during their development and operation.https://vestnik.dgtu.ru/jour/article/view/1126automated systemriskunauthorized accessthreatinformation security |
| spellingShingle | T. V. Meshcheryakova E. A. Rogozin A. O. Efimov V. R. Romanova S. A. Konovalenko Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies Вестник Дагестанского государственного технического университета: Технические науки automated system risk unauthorized access threat information security |
| title | Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies |
| title_full | Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies |
| title_fullStr | Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies |
| title_full_unstemmed | Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies |
| title_short | Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies |
| title_sort | methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies |
| topic | automated system risk unauthorized access threat information security |
| url | https://vestnik.dgtu.ru/jour/article/view/1126 |
| work_keys_str_mv | AT tvmeshcheryakova methodicalapproachtoquantitativeassessmentoftherisksoftheimplementationofthreatsunauthorizedaccesstoaninformationresourceautomatedsystemsofinternalaffairsbodies AT earogozin methodicalapproachtoquantitativeassessmentoftherisksoftheimplementationofthreatsunauthorizedaccesstoaninformationresourceautomatedsystemsofinternalaffairsbodies AT aoefimov methodicalapproachtoquantitativeassessmentoftherisksoftheimplementationofthreatsunauthorizedaccesstoaninformationresourceautomatedsystemsofinternalaffairsbodies AT vrromanova methodicalapproachtoquantitativeassessmentoftherisksoftheimplementationofthreatsunauthorizedaccesstoaninformationresourceautomatedsystemsofinternalaffairsbodies AT sakonovalenko methodicalapproachtoquantitativeassessmentoftherisksoftheimplementationofthreatsunauthorizedaccesstoaninformationresourceautomatedsystemsofinternalaffairsbodies |