Approach of the information properties destruction risks assessing based on the color scale

Authors

DOI:

https://doi.org/10.20535/2411-1031.2020.8.2.222608

Keywords:

information properties, information security, information security risk, risk assessment, color scale

Abstract

One of the urgent tasks of today is information protection as defined by the regulations of our state in the field of information security and cybersecurity. The protection of information is to ensure the preservation of its properties such as confidentiality, integrity, and accessibility. In the process of assessing the information security, the priorities of its protection are determined, taking into account the degree of restriction of access to it. Information security risks are assessed to select effective measures and remedies. The existing assessment methods are analyzed, based on estimates of the magnitude of possible damage from the occurrence of an information security incident and the probability or probability of its occurrence. However, none of the forms of formalizing the risk level reflects which properties may be violated within the incident. That is, the general presentation of the risk does not allow its prompt processing. With the use of modern computer technology, it has become possible to create dynamic images of the level of risk. The basis of computer graphics is an additive model of the transfer of red, green, and blue. With this in mind, a method has been developed to assess the risks of violating the properties of information. Its use will distinguish the properties of information by the set color. With the advent of information about new vulnerabilities in information and telecommunications systems, the color may change, which will signal a change in the level of risk for a particular property of information. This approach to information security risk management facilitates prompt decision-making on risk management and maintains the information security process at the appropriate level. At the same time, the use of the proposed method will allow to record changes in the numerical values of colors and, as a consequence, to find the rate of change of the level of information security risk. Its average value can be used to predict the resilience of the protection system to information security incidents. Therefore, the speed of change in the level of information security risk can expand the list of parameters for determining the index of information system development and the basis for updating the planned costs of the organization to ensure information security.

Author Biographies

Volodymyr Mokhor, Pukhov institute for modeling in energy engineering of National academy of sciences of Ukraine, Kyiv,

сorresponding member
of the National Academy
of Sciences of Ukraine,
doctor of technical sciences,
professor, director

Andrii Davydiuk, Pukhov Institute for Modeling in Energy Engineering of National academy of sciences of Ukraine, Kyiv,

postgraduate student

References

SE “UkrNDNC”. (2015, Dec. 18). DSTU ISO/IEC 27001, Information Technologies. Methods of protection. Information security management systems. Requirements (ISO / IEC 27001: 2013; Cor 1: 2014, IDT). Kyiv, 2016, 22 p.

The Verkhovna Rada of Ukraine (1994, Jul. 05) Law 80/94-ВР, On the Protection of Information in Information and Telecommunication Systems. [Online]. Available: https://zakon.rada.gov.ua/laws/show/80/94-%D0%B2%D1%80#Text. Accessed on: May 19, 2020.

V. Mokhor, O. Bakalinsky, and V. Tsurkan, “Analysis of ways to present information security risk assessments”, Information Technology and Security, Vol.6, pp. 75-84, 2018, doi: https://doi.org/10.20535/2411-1031.2018.6.1.153189.

U. S. Kashnitsky, “Visual analytics in the problem of triclustering”, Works of MIPT, vol. 6, no. 3, pp. 43-56, 2014.

O. Latvala, J. Toivonen, A. Evesti, M. Sihvonen, and V. Jordan “Security Risk Visualization with Semantic Risk Model”, Procedia Computer Science, vol. 83, pp. 1194-1199, 2016, doi: https://doi.org/10.1016/j.procs.2016.04.247.

M. V. Buinevich, V. V. Pokusov, and K. E. Izrailov, “Method of visualization of information security system modules”, [Online]. Available: https://cyberleninka.ru/article/n/sposob-vizualizatsii-moduley-sistemy-obespecheniya-informatsionnoy-bezopasnosti/viewer. Accessed on: Aug. 08, 2020.

V. Mokhor, O. Bakalinsky, and V. Tsurkan, “Presentation of information security risk assessments by a risk map”, Information Technology and Security, vol. 6, iss. 2, pp. 94-104, 2018, doi: https://doi.org/10.20535/2411-1031.2018.6.2.153494.

M. V. Kolomeets, A. A. Chechulin, E. V. Doinikova, and I. V. Kotenko, “Methods of visualization of cybersecurity metrics”, Computing, vol. 61, no. 10, 2018, doi: http://dx.doi.org/10.17586/0021-3454-2018-61-10-873-880.

J. Muchagata, and A. Ferreira, “How can visualization affect security”, SCITEPRESS, pp. 503-510, 2018, doi: https://doi.org/10.5220/0006695505030510.

S. Yoo, H. Ryu, H. Yeon, T. Kwon, and Y. Jang, “Visual analytics and visualization for android security risk”, Journal of computer languages, vol. 53, pp. 9-21, 2019, doi: https://doi.org/10.1016/j.cola.2019.03.004.

Wikipedia (2020, листопад). RGB. 2020. [Online]. Available: https://ru.wikipedia.org/wiki/RGB#/media/%D0%A4%D0%B0%D0%B9%D0%BB:RGBCube_ b.svg. Accessed on: Aug. 08, 2020.

Cabinet of Ministers of Ukraine, (2019, June 19). Resolution № 518, On approval of the General requirements for cyber protection of critical infrastructure. [Online]. Available: https://www.kmu.gov.ua/npas/pro-zatverdzhennya-zaganih-vimog-do-kiberzahistu-obyektiv-kritichnoyi-infrastrukturi-i190619. Accessed on: Aug. 08, 2020.

V. M. Bezshtanko, and V. V. Tsurkan, “Diophantine method for determining the frequency of damage due to the implementation of information security threats”, Ukrainian Information Security Research Journal, vol. 15, no. 4, 2013, doi: https://doi.org/10.18372/2410-7840.15.5707.

NIST (2021) National vulnerability database. [Online]. Available: https://nvd.nist.gov/. Accessed on: Aug. 08, 2020.

B. D. Leonov, R. M. Shostak, and V. S. Seryogin, “Development of methodological support for anti-terrorist protection of critical infrastructure facilities (on the example of the United States)”, Information and Law, № 3, pp. 88-96, 2020.

Published

2020-12-30

How to Cite

Mokhor, V., & Davydiuk, A. (2020). Approach of the information properties destruction risks assessing based on the color scale. Information Technology and Security, 8(2), 216–223. https://doi.org/10.20535/2411-1031.2020.8.2.222608

Issue

Section

INFORMATION SECURITY RISK MANAGEMENT