CASPIAN JOURNAL
MANAGEMENT AND HIGH TECHNOLOGIES
Assessment of status for data security of organization in conditions of realization possibility for information security threats
Read | Azhmukhamedov Iskandar M., Knyazeva Oksana M. Assessment of status for data security of organization in conditions of realization possibility for information security threats // Caspian journal : management and high technologies. — 2015. — №3. — pp. 24-39. |
Azhmukhamedov Iskandar M. - D.Sc. (Engineering), Associate Professor, Astrakhan State Technical University, 16 Tatishchev St., Astrakhan, 414025, Russian Federation, aim_agtu@mail.ru
Knyazeva Oksana M. - post-graduate student; pecialist of supporting 1C, Astrakhan State Technical University; Ltd. В«UpGradeВ», 171 Krasnaya Naberezhnaya St., Astrakhan, 414004, Russian Federation, chobitoksana@mail.ru
For most organizations now exist urgent task of assessing the level of information security (IS) in case of IS threats implementations. Existing methods of assessing IS, in many cases do not allow generating enough informed judgments about the condition of information confidentiality, integrity and availability. Accordingly, it is difficult to take action to manage their levels, apply preventive measures - especially in the presence of resource and other limitations for decisions perfoming. The task of IS level assessing because of its features is weakly formalized. As a result of research made by authors, have been proposed a method of IS level assessing for organization, based on fuzzy cognitive modeling. The model has six hierarchical levels. The fifth level is the bottom of the hierarchy. At that level are located mechanisms and means of information protection. The fourth are the vulnerability and threats to IS. On the third are the attacks to the information resources of organization. On the second are the damage information assets and information protection means. At the first are the properties of information, describing its security (confidentiality, integrity, availability). On the zero level (the highest in the hierarchy) are an integral indicator of the organization IS. The inputs data to the model are the linguistic evaluations of current (or planned in case of decision-making, concerned with IS level management) status of information protection tools (a set of values: low, below average, average, above average, high). Based on these estimates are calculated value concepts at higher levels. Fuzzy cognitive model allows not only adequately assess the level of IS, but also develop recommendations for improving it (taking into account the mutual influence of factors). The proposed method has been implemented in software complex В«Fuzzy cognitive modeling of integrated information securityВ». Methods and software have been tested in the В«Center of Training Pilot-InformВ» by assessing the IS level of organization. This estimate served as the basis of developing recommendations for strengthening measures, aimed at confidentiality improving of information.
Key words: информационная безопасность, уязвимости, угрозы, повреждения информационных ресурсов, повреждения средств защиты информации, нечеткое когнитивное моделирование, лингвистическая переменная, нечеткие числа, нечеткий классификатор, поддержка принятия решений