Milko D.S., Nasedkin P.N. - Ekspertnaya sistema ocenki ugroz bezopasnosti informatsii. Formalnoe predstavlenie objektov vozdejstviya [Threat modeling expert system. Formal representation of impact objects]. Molodaya nauka Sibiri: ehlektronnyj nauchnyj zhurnal [Young science of Siberia: electronic scientific journal], 2021, no. 2. [Accessed 23/06/21]
An assessment of information security threats is necessary to develop an appropriate threat model. Also, the results of the threat assessment are used to select and justify the required measures when building an information protection system. In February 2021, a new methodological document of the Federal Service for Technical and Export Control of the Russian Federation (FSTEC of Russia) came into force, which is mandatory for all organizations that assess information security threats.
The paper describes the difficulties associated with implementing one stage of the automated process of assessing information security threats: assessing the relevance of the objects of influence. Two approaches that are fundamentally new for objects of influence are introduced: assigning identifiers to the objects of influence and formalizing their representation. Together they make it possible to automate the assessment of the relevance of objects of influence.
The work also reflects the existing difficulties associated with the terminology used in the source of information about information security threats, the Threat Data Bank maintained by the FSTEC of Russia.
An algorithm for selecting objects of influence is described as part of the overall algorithm for assessing information security threats.
The conclusion gives recommendations for tightening the rules for maintaining the FSTEC of Russia Threat Data Bank, namely: introducing identifiers of objects of influence, introducing more stringent rules for describing objects of influence, and amending the terminology used in the FSTEC of Russia Threat Data Bank.