Analysis of the Risks of Information Security Violations from Computer Attacks with an Increasing amount of Damage from Their Implementation
https://doi.org/10.25205/1818-7900-2023-21-1-19-31
Abstract
The article analyzes the risks of information security violations when the total damage from computer incidents must be taken into account. The occurrence of incidents is described by a discrete-time mathematical model in which incidents in an information system occur at random discrete moments of time. Incidents are understood to include both unintended events, such as malfunctions and violations of operating rules, and intentional ones, such as computer attacks, unauthorized access attempts and similar situations. Under the risk-based approach, we assume that each incident is accompanied by damage of a fixed magnitude. The use of protective equipment reduces the likelihood of incidents. Incident response, however, can be set up according to one of two main scenarios. In the first, when an incident occurs, the corresponding amount of damage is compared with its maximum allowable value. If that damage, regardless of the damage caused by other incidents, does not exceed the specified threshold, the information system continues to operate normally. Otherwise, the security policy is reviewed, the necessary additional protective measures are introduced and other measures are taken to improve the security of the information system. In the second scenario, when incidents that lead to a violation of information security occur, the damages from successive incidents are summed and the sum is compared with the maximum allowable amount of damage. If, at the next incident, the total damage from all previous incidents does not exceed the maximum set value, the information system continues to operate normally. Otherwise, it is concluded that additional protection measures must be introduced.
In this work, within the framework of the models under consideration, the risks of information security violations are assessed; in particular, the probability distribution of the time of safe operation of the information system is found. To illustrate the approach, predictive models of the number of unauthorized transactions with accounts of legal entities and the number of unauthorized transactions using payment cards are constructed. These models are based on real incident data and use a previously developed forecasting method based on a continuous approximating function.
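The two response scenarios described in the abstract can be compared numerically. The following is an added example, not code from the article: it assumes that at most one incident occurs per time step, independently of other steps, that an incident of type i has a per-step probability p_i and a fixed integer damage d_i, and all function names and sample values are constructed for illustration.

```python
from collections import defaultdict

# Assumed model (not taken from the article): in every discrete time step at most
# one incident occurs; type i occurs with probability p_i and causes fixed damage d_i.
# T is the step at which the damage threshold is first exceeded, i.e. the end of
# safe operation. Each function returns [P(T=1), ..., P(T=horizon)].

def safe_time_per_incident(incidents, max_single, horizon):
    """Scenario 1: every incident's damage is compared with max_single on its own."""
    q = sum(p for p, d in incidents if d > max_single)  # P(violating incident in a step)
    return [(1 - q) ** (t - 1) * q for t in range(1, horizon + 1)]  # geometric law

def safe_time_cumulative(incidents, max_total, horizon):
    """Scenario 2: damages of successive incidents are summed and the sum is
    compared with max_total."""
    p_none = 1 - sum(p for p, _ in incidents)
    state = {0: 1.0}  # P(accumulated damage == s and threshold not yet exceeded)
    dist = []
    for _ in range(horizon):
        nxt, stop = defaultdict(float), 0.0
        for s, ps in state.items():
            nxt[s] += ps * p_none                # quiet step, damage unchanged
            for p, d in incidents:
                if s + d > max_total:
                    stop += ps * p               # threshold exceeded at this step
                else:
                    nxt[s + d] += ps * p         # damage accumulates, system keeps running
        dist.append(stop)
        state = nxt
    return dist

def prob_still_safe(dist):
    """Probability that the threshold has not been exceeded within the horizon."""
    return 1 - sum(dist)

# Constructed sample: (per-step probability, damage in arbitrary integer units)
INCIDENTS = [(0.10, 1), (0.03, 4), (0.01, 12)]

if __name__ == "__main__":
    for name, dist in (
        ("per-incident", safe_time_per_incident(INCIDENTS, 10, 50)),
        ("cumulative", safe_time_cumulative(INCIDENTS, 10, 50)),
    ):
        print(f"{name:12s} P(still safe after 50 steps) = {prob_still_safe(dist):.4f}")
```

With the same threshold, the cumulative scenario always ends safe operation no later than the per-incident one, because small damages that pass individually still add up.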
About the Authors
A. Yu. Ermakova
Russian Federation
Alla Yu. Ermakova, associate professor Department
Moscow
A. B. Los
Russian Federation
Alexey B. Los, associate professor Department
Moscow
For citations:
Ermakova A.Yu., Los A.B. Analysis of the Risks of Information Security Violations from Computer Attacks with an Increasing amount of Damage from Their Implementation. Vestnik NSU. Series: Information Technologies. 2023;21(1):19-31. (In Russ.) https://doi.org/10.25205/1818-7900-2023-21-1-19-31