MODERN APPROACHES TO CLASSIFICATION OF THE SECURITY THREAT OF INFORMATION OF OBJECTS OF INFORMATION ACTIVITIES OF THE NATIONAL GUARD OF UKRAINE

Authors

  • V. Yelchenkov
  • O. Smyrnov

DOI:

https://doi.org/10.33405/2078-7480/2020/2/73/207141

Keywords:

integrated information protection system, observability, controllability, technical information protection, information security threats

Abstract

The article provides a classification of violations of the properties of information that can be implemented with the help of an intruder in relation to the object of information activity of NSU. The most appropriate way to classify threats of all existing ones, specified in the article is the classification of threats based on the result of their influence on information, that is, a violation of its confidentiality, integrity, and availability of information. Information is kept confidential if the established rules for acquaintance with it are observed. Information maintains integrity if the established rules for its modification are observed. Information remains accessible if it remains possible to familiarize yourself with it or modify it in accordance with the established rules for a certain (small) period of time. A special place for determining the classification of each of the threats must be investigated, firstly, on the violation of what properties of information or ITS it is aimed at, secondly, the sources of the threat, and thirdly, possible ways to implement threats.

It is known that information vulnerabilities can affect it not directly, but indirectly. Random threats of a subjective nature (actions carried out by staff or users through carelessness, negligence, ignorance, etc., but unintentionally) can be:

– actions leading to the failure of ITS (individual components), the destruction of hardware, software, information resources (equipment, communication channels, deletion of data, programs, etc.)

– unintentional damage to storage media;

 unlawful change of the ITS operating modes (of individual components, equipment, software etc.), initiation of testing or technological processes that can lead to irreversible changes in the system (for example, formatting of storage media);

– unintentional viral infection of software;

– failure to comply with the requirements for organizational measures of protection of administrative documents in force in ITS;

 errors when entering data into the system, outputting data to incorrect addresses of devices, internal and external subscribers, and the like;

 any actions that may lead to the disclosure of confidential information, attributes of access control, loss of attributes, and the like;

 unlawful implementation and use of software prohibited by the security policy (for example, training and game programs, system and application software, etc.)

 the consequences of the incompetent use of protective equipment.

The analysis and classification of threats to information security at an object of information activities and its circulation in ITS will simplify the process of compiling an information protection plan and increase the efficiency of its compilation at the information activity object in the information and telecommunication system.

The article provides a general description of threats to information property violations.

References

Ленков С. В., Перегудов Д. А., Хорошко В. А. Методы и средства защиты информации: в 2 т. / за ред. В. А. Хорошко. Киев : Арин, 2008. 464 c.

Бабак В. П. Теоретичні основи захисту інформації : підручник. Київ : Книжкове вид-во НАУ, 2008. 752 с.

Хорошко В. О., Чередниченко В. С., Шелест М. Є. Основи інформаційної безпеки / за ред. проф. В. О. Хорошка. Київ : ДУІКТ, 2008. 186 с.

НДТЗІ 1.5-001-2000. Захист інформації. Технічний захист інформації. Радіовиявлювачі. Класифікація. Загальні технічні вимоги.

Соколов А. В., Шаньгин В. Ф. Защита информации в распределительных корпоративных сетях и системах. Москва : ДМК Пресс, 2002. 6З6 с.

Конахович Г. Ф. Защита информации в телекоммуникационных системах. Київ : МК-Пресс, 2005. 288 с.

Нормативне забезпечення інформаційної безпеки / С. М. Головань та ін. ; за ред. проф. В. О. Хорошка. Київ : ДУІКТ, 2008. 533 с.

Антонюк А. О. Основи захисту інформації в автоматизованих системах : навч. посіб. Київ : КМ Академія, 2003. 244 с.

Модель технічних розвідок “ТР-2030ˮ. Київ : Адміністрація Держспецзв՚язку, 2016. Кн. 1–5.

Issue

Section

Articles