Approach of the information properties destruction risks assessing based on the color scale
DOI: https://doi.org/10.20535/2411-1031.2020.8.2.222608
Keywords: information properties, information security, information security risk, risk assessment, color scale
Abstract
One of the urgent tasks of today is the protection of information as defined by the regulations of our state in the field of information security and cybersecurity. Protecting information means preserving its properties of confidentiality, integrity, and availability. In the process of assessing information security, the priorities of protection are determined, taking into account the degree to which access to the information is restricted. Information security risks are assessed in order to select effective measures and remedies. The existing assessment methods are analyzed; they are based on estimates of the magnitude of possible damage from an information security incident and the probability or possibility of its occurrence. However, none of the forms of formalizing the risk level reflects which properties of the information may be violated within the incident. That is, the general presentation of the risk does not allow its prompt processing. With modern computer technology, it has become possible to create dynamic images of the level of risk. The basis of computer graphics is the additive model of red, green, and blue. With this in mind, a method has been developed to assess the risks of violating the properties of information. Its use distinguishes the properties of information by an assigned color. As information about new vulnerabilities in information and telecommunication systems appears, the color may change, signalling a change in the level of risk for a particular property of the information. This approach to information security risk management facilitates prompt decision-making on risk treatment and maintains the information security process at the appropriate level. At the same time, the proposed method makes it possible to record changes in the numerical values of the colors and, as a consequence, to find the rate of change of the information security risk level.
Its average value can be used to predict the resilience of the protection system to information security incidents. Therefore, the rate of change of the information security risk level can extend the list of parameters for determining the index of information system development and serve as a basis for updating the organization's planned costs of ensuring information security.
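The following is an added worked example and is not code from the paper or its authors; it illustrates one way the idea in the abstract could be realised. It assumes (these are the example's own assumptions, not the paper's method) that the risk level of each property is the product of incident probability and normalised damage, that confidentiality, integrity and availability are mapped to the red, green and blue channels of an additive RGB colour, and that the "rate of change" is the per-channel difference between two assessments divided by the elapsed time. The timeline of assessments is constructed sample data.

```python
"""Colour-scale risk tracking for the three information properties.

Added illustration; the mapping below (property -> RGB channel,
risk = probability * damage, channel = risk * 255) is an assumption
of this example, not the method published in the paper.
"""
from dataclasses import dataclass
from math import sqrt
from typing import Dict, List, Tuple

# Assumed channel order: confidentiality -> R, integrity -> G, availability -> B.
PROPERTIES = ("confidentiality", "integrity", "availability")

RGB = Tuple[int, int, int]


@dataclass
class Assessment:
    """One point-in-time risk assessment.

    day   : time of the assessment in days (any consistent unit works)
    risks : property -> (probability of incident in [0, 1],
                         damage normalised to [0, 1])
    """
    day: float
    risks: Dict[str, Tuple[float, float]]


def risk_level(probability: float, damage: float) -> float:
    """Classic probability x damage risk estimate, clamped to [0, 1]."""
    return max(0.0, min(1.0, probability * damage))


def risk_to_channel(level: float) -> int:
    """Scale a [0, 1] risk level to an 8-bit colour channel (0..255)."""
    return round(level * 255)


def assessment_color(a: Assessment) -> RGB:
    """RGB triple whose channels encode the per-property risk levels."""
    return tuple(risk_to_channel(risk_level(*a.risks[p])) for p in PROPERTIES)  # type: ignore[return-value]


def color_hex(rgb: RGB) -> str:
    """CSS-style hex string, convenient for rendering the risk image."""
    return "#%02X%02X%02X" % rgb


def rate_of_change(prev: Assessment, curr: Assessment) -> Tuple[float, float, float]:
    """Per-channel change in colour value per day between two assessments."""
    dt = curr.day - prev.day
    if dt <= 0:
        raise ValueError("assessments must be in increasing time order")
    c0, c1 = assessment_color(prev), assessment_color(curr)
    return tuple((b - a) / dt for a, b in zip(c0, c1))  # type: ignore[return-value]


def average_rate(timeline: List[Assessment]) -> Tuple[float, float, float]:
    """Mean per-channel rate over consecutive pairs of assessments."""
    rates = [rate_of_change(a, b) for a, b in zip(timeline, timeline[1:])]
    if not rates:
        raise ValueError("need at least two assessments")
    return tuple(sum(r[i] for r in rates) / len(rates) for i in range(3))  # type: ignore[return-value]


def rate_magnitude(rate: Tuple[float, float, float]) -> float:
    """Euclidean length of the rate vector: overall speed of risk change."""
    return sqrt(sum(x * x for x in rate))


# Constructed sample timeline (not real data): a new vulnerability raises the
# confidentiality risk on day 10; by day 20 it is partly mitigated, while
# integrity risk has grown and availability risk has dropped.
SAMPLE_TIMELINE = [
    Assessment(0, {"confidentiality": (0.2, 0.4), "integrity": (0.1, 0.6), "availability": (0.5, 0.8)}),
    Assessment(10, {"confidentiality": (0.6, 0.4), "integrity": (0.1, 0.6), "availability": (0.5, 0.8)}),
    Assessment(20, {"confidentiality": (0.3, 0.4), "integrity": (0.3, 0.6), "availability": (0.2, 0.8)}),
]

if __name__ == "__main__":
    for a in SAMPLE_TIMELINE:
        print(f"day {a.day:>4}: {color_hex(assessment_color(a))}")
    avg = average_rate(SAMPLE_TIMELINE)
    print("average rate (R,G,B per day):", tuple(round(x, 2) for x in avg))
    print("overall speed:", round(rate_magnitude(avg), 2))
```

Each channel can be read independently: a rising red channel means the confidentiality risk is growing even if the overall colour looks similar, which is exactly the per-property signal the abstract says a single scalar risk value cannot give. The average rate vector over the timeline is the quantity the abstract proposes for judging the resilience of the protection system.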
References
SE “UkrNDNC”. (2015, Dec. 18). DSTU ISO/IEC 27001, Information Technologies. Methods of protection. Information security management systems. Requirements (ISO / IEC 27001: 2013; Cor 1: 2014, IDT). Kyiv, 2016, 22 p.
The Verkhovna Rada of Ukraine (1994, Jul. 05) Law 80/94-ВР, On the Protection of Information in Information and Telecommunication Systems. [Online]. Available: https://zakon.rada.gov.ua/laws/show/80/94-%D0%B2%D1%80#Text. Accessed on: May 19, 2020.
V. Mokhor, O. Bakalinsky, and V. Tsurkan, “Analysis of ways to present information security risk assessments”, Information Technology and Security, Vol.6, pp. 75-84, 2018, doi: https://doi.org/10.20535/2411-1031.2018.6.1.153189.
U. S. Kashnitsky, “Visual analytics in the problem of triclustering”, Works of MIPT, vol. 6, no. 3, pp. 43-56, 2014.
O. Latvala, J. Toivonen, A. Evesti, M. Sihvonen, and V. Jordan, “Security Risk Visualization with Semantic Risk Model”, Procedia Computer Science, vol. 83, pp. 1194-1199, 2016, doi: https://doi.org/10.1016/j.procs.2016.04.247.
M. V. Buinevich, V. V. Pokusov, and K. E. Izrailov, “Method of visualization of information security system modules”, [Online]. Available: https://cyberleninka.ru/article/n/sposob-vizualizatsii-moduley-sistemy-obespecheniya-informatsionnoy-bezopasnosti/viewer. Accessed on: Aug. 08, 2020.
V. Mokhor, O. Bakalinsky, and V. Tsurkan, “Presentation of information security risk assessments by a risk map”, Information Technology and Security, vol. 6, iss. 2, pp. 94-104, 2018, doi: https://doi.org/10.20535/2411-1031.2018.6.2.153494.
M. V. Kolomeets, A. A. Chechulin, E. V. Doinikova, and I. V. Kotenko, “Methods of visualization of cybersecurity metrics”, Computing, vol. 61, no. 10, 2018, doi: http://dx.doi.org/10.17586/0021-3454-2018-61-10-873-880.
J. Muchagata, and A. Ferreira, “How can visualization affect security”, SCITEPRESS, pp. 503-510, 2018, doi: https://doi.org/10.5220/0006695505030510.
S. Yoo, H. Ryu, H. Yeon, T. Kwon, and Y. Jang, “Visual analytics and visualization for android security risk”, Journal of computer languages, vol. 53, pp. 9-21, 2019, doi: https://doi.org/10.1016/j.cola.2019.03.004.
Wikipedia (2020, November). RGB. [Online]. Available: https://ru.wikipedia.org/wiki/RGB#/media/%D0%A4%D0%B0%D0%B9%D0%BB:RGBCube_b.svg. Accessed on: Aug. 08, 2020.
Cabinet of Ministers of Ukraine, (2019, June 19). Resolution № 518, On approval of the General requirements for cyber protection of critical infrastructure. [Online]. Available: https://www.kmu.gov.ua/npas/pro-zatverdzhennya-zaganih-vimog-do-kiberzahistu-obyektiv-kritichnoyi-infrastrukturi-i190619. Accessed on: Aug. 08, 2020.
V. M. Bezshtanko, and V. V. Tsurkan, “Diophantine method for determining the frequency of damage due to the implementation of information security threats”, Ukrainian Information Security Research Journal, vol. 15, no. 4, 2013, doi: https://doi.org/10.18372/2410-7840.15.5707.
NIST (2021) National vulnerability database. [Online]. Available: https://nvd.nist.gov/. Accessed on: Aug. 08, 2020.
B. D. Leonov, R. M. Shostak, and V. S. Seryogin, “Development of methodological support for anti-terrorist protection of critical infrastructure facilities (on the example of the United States)”, Information and Law, no. 3, pp. 88-96, 2020.
License
Copyright (c) 2020 Information Technology and Security
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors published in this collection agree to the following terms:
- The authors retain the right of authorship of their work and grant the collection the right of first publication; the work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with mandatory reference to the authors of the original work and to its first publication in this collection.
- The authors have the right to conclude an agreement on the exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institutional digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The policy of the journal allows and encourages authors to post the manuscript of the work on the Internet (for example, in repositories or on personal websites) before submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).