Email this article Using graphs to identify asset security compromises
- Authors: Grineva N.V.1
-
Affiliations:
- Financial University under the Government of the Russian Federation
- Issue: Vol 11, No 4 (2024)
- Pages: 25-34
- Section: MATHEMATICAL MODELING, NUMERICAL METHODS AND COMPLEX PROGRAMS
- URL: https://journal-vniispk.ru/2313-223X/article/view/282559
- DOI: https://doi.org/10.33693/2313-223X-2024-11-4-25-34
- EDN: https://elibrary.ru/FVVTHN
- ID: 282559
Cite item
Open Access
Access granted
Subscription Access
Abstract
Due to the ever-expanding threat landscape, the problem of timely identification of information security risks, their assessment, and, as a result, management of these risks remains urgent. The main components of all quantitative risk assessments are the frequency, or probability, of the realization of a risky event, and the amount of losses from the realization of the threat. The purpose of the work is to increase the accuracy in quantifying information security risks, develop a theoretical model that takes into account all the relationships between assets in the company’s information environment, and compile an effective set of risk management measures. To formalize the company’s information security risk assessment model, a set of security breach conditions for the company’s information environment was identified, consisting of elements characterizing the possible results of threat implementation for each asset. As a result of the development of the model, the relationship of assets and the versatility of threat scenarios are shown.
Keywords
Full Text
##article.viewOnOriginalSite##About the authors
Natalia V. Grineva
Financial University under the Government of the Russian Federation
Author for correspondence.
Email: ngrineva@fa.ru
ORCID iD: 0000-0001-7647-5967
Cand. Sci. (Econ.), Associate Professor; associate professor, Department of Information Technology
Russian Federation, MoscowReferences
- Ageev S.A., Saenko I.B. Method of intelligent multi-agent information security risk management in secure multiservice networks for special purposes. T-Comm: Telecommunications and Transport. 2015. Vol. 9. No. 1. Pp. 5–10. (In Rus.). EDN: TILBWN.
- Volkov Yu.V., Samokhin D.S. Method for determining the type and parameters of distributions of random variablesrank according to operational data from nuclear power facilities. Izvestiya vuzov. Nuclear Energy. 2007. No. 4. Pp. 15–23. (In Rus.). EDN: JUEFIN.
- Vorontsov K.V., Sukhareva A.V. Construction of a complete set of topics of probabilistic thematic models. Intelligent Systems. Theory and Applications. 2019. Vol. 23. No. 4. Pp. 7–23. (In Rus.). EDN: CWOGHS.
- Goncharenko V.A. Modeling and evaluation of the characteristics of random streams of events in computer networks with parametric uncertainty. Proceedings of the A.F. Mozhaisky VKA. 2015. Issue 649. Pp. 16–22. (In Rus.). EDN: VLCXNJ.
- Grineva N.V., Mikhailova S.S., Vilkul A.A. Comparative analysis of clustering methods for graph data. Neurocomputers: Development, Application. 2023. Vol. 25. No. 4. Pp. 32–44. (In Rus.). doi: 10.18127/j19998554-202304-05. EDN: IDYWPI.
- Grineva N.V., Semenova P.A. Application of spectral methods for recognizing the structure of communities in complex networks. Bulletin of the Voronezh State University. Series: System Analysis and Information Technology. 2023. No. 3. Pp. 75–83. (In Rus.). doi: 10.17308/sait/1995-5499/2023/3/75-83. EDN: HFLBXC.
Supplementary files
