
METHODOLOGICAL APPROACH TO ANALYSIS AND EVALUATION OF INFORMATION PROTECTION IN INFORMATION SYSTEMS BASED ON VULNERABILITY DANGER

Abstract

The paper considers a methodological approach to analysing and estimating information security in information systems, based on an analysis of vulnerabilities and the degree of their hazard. The hazard of a vulnerability is understood as the complexity of its exploitation within an information system. The necessary and sufficient conditions for exploiting a vulnerability are determined. The paper proposes a generalized attack realization model, which serves as the basis for constructing an attack realization model for the exploitation of a particular vulnerability. A criterion for estimating information protection in information systems, based on the estimation of vulnerability hazard, is formulated. The proposed approach makes it possible to obtain a quantitative estimate of information system security from the proposed schemes for realizing typical attacks for the distinguished classes of vulnerabilities.

The methodological approach is used for choosing among variants of implementing protection mechanisms in information systems, as well as for estimating information security in operating information systems.

About the Authors

Y. M. Krotiuk
United Institute of Informatics Problems of the National Academy of Sciences of Belarus


V. A. Kamliuk
Kaspersky Lab
Russian Federation



For citations:


Krotiuk Y.M., Kamliuk V.A. METHODOLOGICAL APPROACH TO ANALYSIS AND EVALUATION OF INFORMATION PROTECTION IN INFORMATION SYSTEMS BASED ON VULNERABILITY DANGER. Science & Technique. 2008;(6):41-46. (In Russ.)



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2227-1031 (Print)
ISSN 2414-0392 (Online)