CASPIAN JOURNAL

MANAGEMENT AND HIGH TECHNOLOGIES

BUILDING A RELATIONSHIP BETWEEN AN INFORMATION SECURITY INTRUDER AND VULNERABILITIES OF INFORMATION ASSETS IN INFORMATION SYSTEMS FOR PROCESSING PERSONAL DATA

Read

Zhuk Roman V., Dzoban Pavel I., Vlasenko Alexandra V. BUILDING A RELATIONSHIP BETWEEN AN INFORMATION SECURITY INTRUDER AND VULNERABILITIES OF INFORMATION ASSETS IN INFORMATION SYSTEMS FOR PROCESSING PERSONAL DATA // Caspian journal : management and high technologies. — 2020. — №1. — pp. 162-169.

Zhuk Roman V. - Branch В«Macroregion SouthВ» Ltd Co IC В«SIBINTEKВ», goonerkrd@gmail.com

Dzoban Pavel I. - Kuban State Technological University, antiemoboy@mail.ru

Vlasenko Alexandra V. - Kuban State Technological University, Alex_Vlasenko@list.ru

Methods for determining assets in information systems, selecting software vulnerabilities, and identifying information security intruder and threats to information security are considered. A review of the methodology for assessing software vulnerabilities and the methodology for selecting the potential for an information security intruder with certain capabilities is carried out. Unification of parameters of an asset of an information system for processing personal data is proposed. A method for quantifying the potential of an information security intruder is proposed, and the relationship between an information security intruder and software vulnerabilities is built on the basis of projecting and unifying metrics of the software vulnerability assessment vector on the parameters of the information security intruder's potential. We have prepared production rules that allow us to determine whether the identified software vulnerabilities can be implemented by the selected information security violator.

Key words: актив, вектор, уязвимость программного обеспечения, метрика уязвимости, нарушитель информационной безопасности, продукционная модель, угроза информационной безопасности, vector, software vulnerability, vulnerability metric, information security intruder,