The development of the IT industry and computing resources allows the formation of cyberphysical social systems (CPSS), which are the integration of wireless mobile and Internet technologies and the combination of the Internet of things with the technologies of cyberphysical systems. To build protection systems, while minimizing both computing and economic costs, various sets of security profiles are used, ensuring the continuity of critical business processes. To assess/compare the level of CPSS security, various assessment methods based on a set of metrics are generally used. Security metrics are tools for providing up-to-date information about the state of the security level, cost characteristics/parameters from both the defense and attack sides. However, the choice of such sets is not always the same/understandable to the average person. This, firstly, leads to the absence of a generally accepted and unambiguous definition, which means that one system is more secure than another. Secondly, it does not take into account the signs of synergy and hybridity of modern targeted attacks. Without this knowledge, it is impossible to show that the metric measures the security level objectively. Thirdly, there is no universal formal model for all metrics that could be used for rigorous analysis. The paper explores the possibility of defining a basic formal model (classifier) for analyzing security metrics. The proposed security assessment model takes into account not only the level of secrecy of information resources, the level of provision of security services, but also allows, based on the requirements put forward, forming the necessary set of security assessment metrics, taking into account the requirements for the continuity of business processes. The average value of the provision of security services to CPSS information resources is 0.99, with an average value of the security level of information resources of 0.8
The development of technologies and computing resources not only expanded the spectrum of digital services in all areas of human activity, but also defined the spectrum of targeted cyber attacks. The object of the study is the process of ensuring the safety of critical business processes that ensure the continuity of production and/or functioning of the company/organization/enterprise as a whole. Targeted attacks are aimed at destroying not only the business structure, but also its individual components that determine critical business processes. Continuity of such business processes is a critical component of any company, organization or enterprise of any form of government, which critically affects the earning of profits or the organization of production processes. The proposed concept of determining the security level of critical business processes is based on the need to use multi-loop information protection systems. This allows to ensure the continuity of critical business processes through a timely objective assessment of the level of security and the timely formation of preventive measures. This approach is based on the proposed rules for determining the achievement of a given level of security, which are based on assessments of the integrity, availability and confidentiality of information arrays, as well as computer equipment in relation to various points of the organization's business processes. The use of threat integration on the internal and external contours of the protection system allows to ensure the necessary level of security and continuity of the production/technological process of critical business processes. The proposed practical implementation of the system security level assessment system in the declarative programming language Prolog, which allows to form requirements regarding the achievement of a given system security level depending on the state assessments of individual system components
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.