Justification Models of Organizational and Technical Support of Measures to Create Information Protection System of Informatization Objects

Cover Page

Cite item

Full Text

Abstract

The relevance of the article is due to the need to protect information at all stages of creating an information system in the absence of appropriate organizational and technical support. To justify this kind of provision, mathematical models are needed that take into account the conditions and the random nature of the implementation of heterogeneous information processing processes in time at each stage, threats to its security and protection from these threats. The article discusses approaches to the development of such models based on the apparatus of flow theory and the theory of composite Petri ‒Markov networks, the possibilities of which for modeling the processes under study have not been previously considered. The purpose of the article. To reveal the content of issues related to the justification of organizational and technical support for information protection at the stages of creating an information system, to show the need and ways to quantify threats to its security and protection from these threats. For this purpose, the methods of functional and structural analysis, probability theory and flow theory were applied. In the course of solving the scientific problem, the relevance of substantiating the organizational and technical support of information protection at the stages of creating information systems is shown, descriptive models of its processing processes are developed, time diagrams of threat scenarios are given in the absence of protection measures and in the conditions of using preventive organizational and technical measures, indicators and analytical ratios for their calculation are proposed. The scientific novelty of the article consists in the fact that for the first time it examines the issues of organizational and technical support for information protection at the stages of creating an information system, examines the theoretical aspects of quantifying threats to its security and protection from these threats based on flow theory and prospects for applying the theory of composite Petri-Markov networks. Significance (theoretical). The conditions for the implementation of the studied processes and the possibility of applying the theory of flows and the apparatus of composite Petri–Markov networks for their modeling are established. Significance (practical). The results obtained in the work can be used to justify the organizational and technical provision of information protection at the stages of creating information systems of various organizations (both state and non-state), for which the implementation of threats at these stages may lead to damage to their activities.

About the authors

O. S. Avsentyev

Voronezh Institute of the Ministry of the Interior of the Russian Federation

Email: osaos@mail.ru
SPIN-code: 7457-6728

V. V. Butov

Voronezh Institute of the Ministry of the Interior of the Russian Federation

Email: butov18@mail.ru
SPIN-code: 6574-5546

A. G. Valde

Ministry Department of Internal Affairs of Russia in the Amur Region

Email: avalde@mvd.ru
SPIN-code: 4747-6319

References

  1. ГОСТ 34.601-90. Информационная технология. Комплекс стандартов на автоматизированные системы. Автоматизированные системы. Стадии создания. М.: Стандартинформ, 2009.
  2. Avsentiev O.S., Valde A.G., Konkin Yu.V. Ensuring the Protection of Information in the Process of Creating an Information System of an Informatization Object // Chemistry and Technology of Fuels and Oils. 2021. № 3. P. 36.
  3. ГОСТ Р 50922-2006. Защита информации. Основные термины и определения. М.: Стандартинформ, 2007.
  4. Авсентьев О.С., Вальде А.Г. К вопросу о формировании системы защиты информации от утечки по техническим каналам, возникающим за счет побочных электромагнитных излучений объектов информатизации // Вестник Воронежского института МВД России. 2021. № 2. С. 22‒33. EDN:VNLGMX
  5. Язов Ю.К., Авсентьев О.С., Авсентьев А.О., Рубцова И.О. Метод оценивания эффективности защиты электронного документооборота с применением аппарата сетей Петри – Маркова // Труды СПИИРАН. 2019. Т. 18. № 6. С. 1269‒1300. doi: 10.15622/sp.2019.18.6.1269-1300. EDN:FBTRZZ
  6. Avsentiev O.S., Avsentiev A.O., Krugov A.G., Yazov Yu.K. Simulation of processes for protecting voice information objects against leakage through the spurious electromagnetic radiation channels using the Petri ‒ Markov nets // Journal of Computational and Engineering Mathematics. 2021. Vol. 8. Iss. 2. PP. 3‒24. doi: 10.14529/jcem210201. EDN:VOKXXO
  7. Язов Ю.К., Анищенко А.В. Сети Петри-Маркова и их применение для моделирования процессов реализации угроз безопасности информации в информационных системах. Монография. Воронеж: Кварта, 2020. 173 с.
  8. Язов Ю.К., Анищенко А.В., Суховерхов А.С. Основы теории составных сетей Петри-Маркова и их применения для моделирования процессов реализации угроз безопасности информации в информационных системах. Монография. СПб.: Сциентиа, 2024. 196 с. doi: 10.32415/scientia_978-5-6052111-2-9. EDN:CGTNTU
  9. ГОСТ Р 51583-2014. Защита информации. Порядок создания автоматизированных систем в защищенном исполнении. Общие положения. М.: Стандартинформ, 2014.
  10. Язов Ю.К., Соловьев С.В. Методология оценки эффективности защиты информации в информационных системах от несанкционированного доступа. Монография. СПб.: Наукоемкие технологии, 2023. 258 с. EDN:WVCHKW
  11. Меньшаков Ю.К. Теоретические основы технических разведок: учебное пособие. Под ред. Ю.Н. Лаврухина. М.: Изд-во МГТУ им. Н.Э. Баумана, 2008. 536 с.

Supplementary files

Supplementary Files
Action
1. JATS XML
Download


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Согласие на обработку персональных данных

 

Используя сайт https://journals.rcsi.science, я (далее – «Пользователь» или «Субъект персональных данных») даю согласие на обработку персональных данных на этом сайте (текст Согласия) и на обработку персональных данных с помощью сервиса «Яндекс.Метрика» (текст Согласия).