Комплексный подход к оцениванию защищенности значимых объектов критической информационной инфраструктуры от несанкционированного доступа

Abstract

The number of cybersecurity events in the modern world has increased significantly, of which a significant number fall on objects of critical information infrastructure. This paper discusses the main requirements for models for assessing the security of significant objects of critical information infrastructure from unauthorized access, classification of ambiguous source information, a generalized algorithm for assessing the level of security of significant objects of critical information infrastructure from unauthorized access, a fuzzy model for assessing the level of security using point and linguistic scales. It also determines the procedure for assessing the security of significant objects of critical information infrastructure from unauthorized access. Among the main requirements for models for assessing the security of significant objects of critical information infrastructure from unauthorized access are the following: versatility, extensibility, formalizability, simplicity, multifactoriality. The generalized algorithm for assessing the level of security of significant objects of critical information infrastructure from unauthorized access includes four computational blocks: in block 1, the collection and primary processing of information is carried out; in block 2, calculations using fuzzy evaluation algorithms with linguistic and point scales are used; in block 3, the effectiveness of information security employees is evaluated; in block 4, the levels of security of significant objects of critical information infrastructure from unauthorized access are predicted using fuzzy time series; in block 5, the estimates obtained at previous stages of calculations are examined using data processing techniques and draw appropriate conclusions for decision-making.