Conceptual model of information protection of critical information infrastructure objects of Ukraine
DOI:
https://doi.org/10.20535/2411-1031.2021.9.2.249889Keywords:
information security model, object of critical information structure, information security threats, protection measures, information security status assessment matrixAbstract
The problem of the information protection sphere – the choice of the information protection model at the critical information infrastructure objects of Ukraine is investigated. An analysis of modern models for the protection of computer systems and networks that form the basis of critical information infrastructure objects was carried out. These models consider the specific features of their operation. They make it possible to assess different scenarios of information security events, to analyze the state of computer systems and networks that are part of the critical information infrastructure objects. They are designed to simulate the actions of the attacker. The presented models of protection with reservations can be used during the development of the architecture for the protection system of critical information infrastructure objects. The schemes which can be used to design the information protection model architecture of critical information infrastructure objects have resulted. Particular attention is paid to issues related to the peculiarities of information security threats and shows the ways of their formation This analysis is appropriate for choosing the means of information protection circulating in computer systems and networks of critical information infrastructure objects. The reasons and conditions for the formation of information security threats are important, they are a source of valuable information for establishing a basic and additional set of information security tools. The main and additional means of protection are established unconditionally for the information protection models of critical information infrastructure objects. The basis for their implementation is the matrix of information security assessment for objects of critical information infrastructure, compiled with the help of expert assessment. The components of the objects of the critical information infrastructure information protection model are determined. It consists of three components: information security threats, information infrastructure elements, and protection measures, which in turn are divided into basic and additional. The relationship of the model components is formalized with the help of a matrix. The formulaic form of the model is presented, where its elements are the probabilities arising from the influential effect of information security threats on the elements of the information infrastructure. These probabilities are established by an expert method. Sets of conditions for the influence of (external and internal) factors, states (working and emergency) functioning, the structure of elements of critical information infrastructure objects are formulated. This important information is ultimately a linguistic description of the requirements for creating an information protection model of critical information infrastructure objects.
References
KPI and two other Kyiv universities have joined the USAID Cyber Security Project. [Online]. Available: https://kpi.ua/2021-05-21. Accessed on: Sept. 4, 2021.
A. Wenger, V. Mauer and M. Cavelty, International critical information infrastructure protection handbook 2008–2009, Eds. Center for Security Studies, ETH Zurich, 2009.
National Institute of Standards and Technology. (2018, Apr. 16). Framework for Improving Critical Infrastructure Cybersecurity. Ver. 1.1. [Online]. Available: https://doi.org/10.6028/NIST.CSWP.04162018. Accessed on: Sept. 4, 2021.
Ukraine’s national security strategy in the context of the experience of the world community. Coll. art. for mater. int. conf. Kyiv: SATSANGA, 2001.
O. Dovhan, “Critical infrastructure as an object of protection against cyber-attacks”, on scientific-practical conf. Information security: challenges and threats of modernity. Kyiv, 2013, pp. 17-20.
S. Honchar, G. Leonenko, and O. Yudin, “Theoretical and methodological aspect of information security of critical infrastructure facilities”, Bulletin of Lviv Polytechnic National University. Computer Systems and Networks, № 806, 2014, pp. 34-39.
E. Galkova, “Dynamic model of information protection in an attempt to raid a credit and financial institution”, dis. cand. sciences, St. Pet. nat. res. un. of inform. tech. mechanics and optics, 2014.
D. Korolev, and M. Korolev, Information systems in banking. Belgorod: BelSU Publ. House, 2004.
J.-S. Chang, Y.-H. Jeon, and S. Sim, “Information Security Modeling for the Operation of a Novel Highly Trusted Network in a Virtualization Environment”. [Online]. Available: https://doi.org/10.1155/2015/359170. Accessed on: Sept. 4, 2021.
Y. Lee, “Information Security Investment Model and Level in Incomplete Information”, [Online]. Available: https://doi.org/10.13089/JKIISC.2017.27.4.855. Accessed on: Sept. 4, 2021.
C. K. Wong, S. B. Maynard, A. Ahmad, and H. Naseer, “Information Security Governance: A Process Model and Pilot Case Study”. [Online]. Available: https://aisel.aisnet.org/icis2020/cyber_security_privacy/cyber_security_privacy/3/. Accessed on: Sept. 4, 2021.
Department of Homeland Security. (2002, Nov. 25). The Critical Infrastructure Information Act of 2002. [Online]. Available: https://www.dhs.gov/publication/critical-infrastructure-information-act/. Accessed on: Sept. 4, 2021.
National Institute of Standards and Technology (NIST). Computer Security Resource Center (CSRC). (2008, July 25). SP 800-123, Guide to General Server Security. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-123/final. Accessed on: Sept. 4, 2021.
T. Dalzell, The Routledge Dictionary of Modern American Slang and Unconventional English, 2009. [Online]. Available: https://books.google.com.ua/books?id=5F-YNZRv-VMC&pg=PA595&redir_esc=y#v=onepage&q&f=false. Accessed on: Sept. 4, 2021.
E. Partridge, T. Dalzell, T. Victor, The Concise New Partridge Dictionary of Slang, Psychology Press, 2007.
E. Derbin, and S. Klimov, Organizational framework for information security of the enterprise. Moscow: Fin. Un., 2013.
A. Nosarev, “Models in Information Security” [Online]. Available: https://habr.com/ru/post/467269/. Accessed on: Sept. 4, 2021.
A. Vozniuk, A. Krieger, and G. Tumurov, “Model of organization of information protection at the enterprise”. [Online]. Available: https://storage.tusur.ru/files/36680. Accessed on: Sept. 4, 2021.
A. Zagorodnikov, and S. Kozlov, “Information Protection Model”, in Proc. Conf. participation GPO TUSUR, 2014. [Online]. Available: https://gpoconference.tusur.ru/conference/2014/themes/99/projects/571/discourses/653. Accessed on: Sept. 4, 2021.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2021 Information Technology and Security
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).
