基于脆弱性的标准信息系统信息保护系统效率设计与评估的方法学支持

Journal of Computer Science Pub Date : 2023-11-01 DOI:10.3844/jcssp.2023.1305.1317

Islam Alexandrovich Alexandrov, Andrey Victorovich Kirichek, Vladimir Zhanovich Kuklin, Alexander Nikolaevich Muranov, Leonid Mikhajlovich Chervyakov

{"title":"基于脆弱性的标准信息系统信息保护系统效率设计与评估的方法学支持","authors":"Islam Alexandrovich Alexandrov, Andrey Victorovich Kirichek, Vladimir Zhanovich Kuklin, Alexander Nikolaevich Muranov, Leonid Mikhajlovich Chervyakov","doi":"10.3844/jcssp.2023.1305.1317","DOIUrl":null,"url":null,"abstract":"The Information Protection System (IPS) is an integral part of any Information System (IS). To develop an optimal IPS model at the earliest stages of the IS lifecycle, it is necessary to develop IS resource and threat models. This study is devoted to developing a specific model of IS resources, allowing a detailed description of the relationship between resources and business processes and developing an IS threat model to describe in detail the relationships between threat implementations, various IS vulnerabilities, and the relationships between them. To solve these problems, this study used the methods of set theory, graph theory, probability theory, game theory, random processes theory, mathematical logic, and object-oriented approach. This study simulated different variants of the IPS and found that only a balanced IPS project met the Pareto demands. The projects where the emphasis is on countering only external or internal threats do not meet these demands.","PeriodicalId":40005,"journal":{"name":"Journal of Computer Science","volume":"39 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Developing the Concept of Methodological Support for Designing and Assessing the Efficiency of Information Protection Systems of Standard Information Systems Considering Their Vulnerabilities\",\"authors\":\"Islam Alexandrovich Alexandrov, Andrey Victorovich Kirichek, Vladimir Zhanovich Kuklin, Alexander Nikolaevich Muranov, Leonid Mikhajlovich Chervyakov\",\"doi\":\"10.3844/jcssp.2023.1305.1317\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Information Protection System (IPS) is an integral part of any Information System (IS). To develop an optimal IPS model at the earliest stages of the IS lifecycle, it is necessary to develop IS resource and threat models. This study is devoted to developing a specific model of IS resources, allowing a detailed description of the relationship between resources and business processes and developing an IS threat model to describe in detail the relationships between threat implementations, various IS vulnerabilities, and the relationships between them. To solve these problems, this study used the methods of set theory, graph theory, probability theory, game theory, random processes theory, mathematical logic, and object-oriented approach. This study simulated different variants of the IPS and found that only a balanced IPS project met the Pareto demands. The projects where the emphasis is on countering only external or internal threats do not meet these demands.\",\"PeriodicalId\":40005,\"journal\":{\"name\":\"Journal of Computer Science\",\"volume\":\"39 4\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Computer Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3844/jcssp.2023.1305.1317\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3844/jcssp.2023.1305.1317","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

信息保护系统(IPS)是任何信息系统(is)的一个组成部分。为了在IS生命周期的早期建立最优的IPS模型，需要建立IS资源模型和威胁模型。本研究致力于开发一个特定的is资源模型，详细描述资源与业务流程之间的关系，并开发一个is威胁模型，详细描述威胁实现与各种is漏洞之间的关系以及它们之间的关系。为了解决这些问题，本研究运用了集合论、图论、概率论、博弈论、随机过程理论、数理逻辑和面向对象的方法。本研究模拟了IPS的不同变体，发现只有平衡的IPS项目才能满足帕累托需求。那些只强调对抗外部或内部威胁的项目不能满足这些要求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Developing the Concept of Methodological Support for Designing and Assessing the Efficiency of Information Protection Systems of Standard Information Systems Considering Their Vulnerabilities

The Information Protection System (IPS) is an integral part of any Information System (IS). To develop an optimal IPS model at the earliest stages of the IS lifecycle, it is necessary to develop IS resource and threat models. This study is devoted to developing a specific model of IS resources, allowing a detailed description of the relationship between resources and business processes and developing an IS threat model to describe in detail the relationships between threat implementations, various IS vulnerabilities, and the relationships between them. To solve these problems, this study used the methods of set theory, graph theory, probability theory, game theory, random processes theory, mathematical logic, and object-oriented approach. This study simulated different variants of the IPS and found that only a balanced IPS project met the Pareto demands. The projects where the emphasis is on countering only external or internal threats do not meet these demands.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Computer Science Computer Science-Computer Networks and Communications

CiteScore

1.70

自引率

0.00%

发文量

期刊介绍： Journal of Computer Science is aimed to publish research articles on theoretical foundations of information and computation, and of practical techniques for their implementation and application in computer systems. JCS updated twelve times a year and is a peer reviewed journal covers the latest and most compelling research of the time.