The results of the research aimed at further development detection models cyber threats, as well common classes anomalies and cyber-attacks in mission critical computer systems (MCCS) are presented.It is shown that one promising directions synthesis adaptive prevention application logical procedures detection, based on coverage matrices features anomalies, threats within known new MCCS intrusions. model cyber-attacks, to was designed, which learning samples form elementary classifiers for...

One of the pressing areas that is developing in field information security associated with use Honeypots (virtual decoys, online traps), and selection criteria for determining most effective their further classification an urgent task. The main products implement virtual decoy technologies are presented. They often used to study behavior, approaches methods unauthorized party uses gain access system resources. Online hooks can simulate any resource, but more they look like real production...

The study showed that mainly for analysis and risk assessment used statistical data on incidents information security threats. In many countries at the state level, such statistics are not kept, which limits possibilities of existing tools national use. It should also be noted sets expert certain limitations (on set parameters) gives him possibility applying evaluation a wider range values. Based this, two methods presented risk, allow you to use wide parameters, giving opportunity create...

There is system analysis and information security risks assessment based on processing of linguistic variables. These variables are standard parametric trapezoidal fuzzy numbers with a fixed number term sets. standards defined by experts at the initialization stage basic units in course setup. Its efficient use will increase, if there possibility correction without corresponding experts' involvement. To solve this problem, implementation method function transformation single increment terms...

The construction of information security management system (ISMS), complex and other systems require carrying out the analysis risk assessment. existing assessment tools in its majority are based on statistical approaches. In many countries, both at enterprise level State such statistics is not conducted. This limits ability tools, as use different input data types for A known tool gives no administration opportunity risks a wide range initial parameters. On t he basis proposed method, which...

As information technologies progress further, the number of vulnerabilities and threats to various data processing systems increases, creating a need for specialized security tools ensure proper functioning intrusion prevention. A promising area rapid growth within field is cyberattack detection prevention unauthorized party access. To identify network intrusions, use modern methods, models, controls integrated technical solutions that can remain effective when new or modified types...

There are many ways to organize authentication and authorization in information systems. Typically, is used provide login, primarily a security tool for personal user data. It the first level of protection against receiving any system information. In turn, helps ensure data integrity when running multiple different users with permissions. The communication systems includes circulating computer designed storing, searching processing (databases, application programs, control various devices,...

Был проведен анализ понятия риска в различных предметных областях с точки зрения безопасности, психологии, экономики, страхования, медицины, геологии и т.д., которое раскрывалось как монографиях, статьях, учебниках, словарях так нормативных национальных международных документах. Определены базовые характеристики из множества его толкований для последующей интерпретации информационной безопасности. Предлагается интеграции определения риска, отображением области ИБ, представить виде кортежа...

The detailed analysis of problem is conducted and the method estimation size quantitative high-quality parameters possible harm national safety state developed in case disclosure information which make a secret or losses financial carriers data.

Applied results of scientific analysis should be the key focus modern security research. A comparative research obtained using different methods, as an applied task, forms a broader basis for interpreting and substantiating conclusions. social survey expert opinion were conducted to implement general concept strategic cybersecurity in Ukraine. Using method based on determining average value certain set estimates, well theory fuzzy sets, risks spreading cyber threats Ukraine assessed. The...

The known information security assessment risk system(developed by authors) is based on processing methods oflinguistic variables. These variables are thestandard parametric trapezoidal fuzzy numbers with afixed number of term sets. Etalons defined expertsat the stage base units initialization during setting-upsystem. Efficiency its use would increase if it isavailable to correct etalons without involvement ofappropriate experts. To solve this problem authorspropose a method function...

В работе представлено методологию синтеза систем анализа и оценки риска потерь информационных ресурсов, которая позволяет использовать широкий спектр параметров, дающая возможность создавать более гибкие средства анализа, а также оценивать риски, как на основе статистических данных, так экспертных оценках, сделанных в неопределенной, слабоформализованной среде с учетом периода времени, отрасли, экономической управленческой специфики предприятия др. Кроме этого, методология дает отражать...

В работе проведено исследование широкого спектра существующих методик и программного обеспечения управления информационными рисками относительно набора параметров, характеризующих риск. К этим параметрам принадлежат: событие, действие, характеристика ситуации, мера, вероятность, опасность, затраты потери. Для этих средств с учетом интегрированных параметров риска составлен кортеж, который даст возможность унифицировать процесс сравнительного анализа соответствующего инструментального...

Стремительное развитие ІТ-инфраструктуры предприятий неизменно влечет за собой неконтролируемый рост количества информационных угроз и уязвимостей ресурсов. В этих условиях оценка рисков позволяет определить необходимый уровень защиты информации, осуществить его поддержку разработать стратегию развития информационной структуры компании. Оценка анализ является необходимым условием при создании системы управления рисками плана обеспечения непрерывности возобновления бизнеса.

Nowadays, one of the relevant areas that is developing in field information security associated with use Honeypot (virtual lures, online traps), and selection criteria for determination most effective their further classification an urgent task. There are presented main products which virtual lures technology implemented. Often they used to study behavior, approaches methods unauthorized party uses access system resources. Online traps can imitate any resource, but more often look like real...

The known information security assessment risk system (developed by authors) is based on processing methods of linguis-tic variables. These variables are the standard parametric trapezoidal fuzzy numbers with a fixed number term sets. Eta-lons defined experts at stage base units initialization during setting-up system. Efficiency its use would increase if it available to correct etalons without involvement appropriate experts. To solve this problem authors propose method function realization...

The known information security assessment risk system (developed by authors) is based on processing methods of linguistic variables. Their foundation are reference parametric trapezoidal fuzzy numbers with different plurality defining terms, the formation which associated involvement experts in relevant subject area. For more efficient use such it's necessary to provide abilities: handle types and transform amount terms without real-time mode. To solve this problem we propose n-fold decrease...

В работе проведено исследование широкого спектра существующего программного обеспечения анализа и оценки риска относительно набора параметров, характеризующих риск. К таким параметрам относятся событие, действие, характеристика ситуации, мера, вероятность, опасность, затраты потери. наиболее известным программным продуктам, которые использованы для исследования, RiskWatch, RA2 art of risk, Risk Advisor, OCTAVE др. Для этих средств с учетом интегрированных параметров составлен кортеж, который...

The construction of information security management system requires providing the analysis and risk assessment that are often characterized by high fuzzy conditions. existing tools do not provide opportunities for a wide range initial parameters. On basis proposed method it was implemented an appropriate software system. It allows making in conditions using established components, which displayed model integrated concept parameters can be represented both numerical linguistic forms. To...

Проведен анализ базовых понятий связанных с управлением риска в сфере информационной безопасности. Относительно этого построена схема зависимости процессов и его интегрированными параметрами. Это даст возможность унифицировать процесс исследования существующих методов методик анализа оценки риска, повысит эффективность осуществления их выбора. Также приведен пример наиболее известных использованием интегрированных параметров.

To implement the process of analysis and information risk assessment based on expert judgments it is required to use some methods means that make possible handle with fuzzy input data, for example, presented in linguistic form. There a system where an parametric trapezoidal numbers. A practical implementation this requires application other types The development capabilities such can be achieved through additional another type numbers-triangular. solve task paper suggests conversion method...