РАЗРАБОТКА ЕРС - МОДЕЛЕЙ УГРОЗ НАРУШЕНИЯ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ АВТОМАТИЗИРОВАННОЙ СИСТЕМЫ УПРАВЛЕНИЯ ТЕХНОЛОГИЧЕСКИМИ ПРОЦЕССАМИ.

Abstract

The purpose of this study is to develop threat models specific to the object of protection-automated process control systems. When developing the threat models, we propose a method of constructing graphical notations of events (Event-driven Process Chain), the main elements of which are events and functions associated with logical operations. We present the results of the analysis of threats of violation of information security of automated control systems of technological processes. The EPC-models of threats of information security violation of modern information and control systems of industrial enterprises are presented. The EPC-models allow to describe in detail ways of realization of the threats that, in turn, gives the chance to the experts working in the field of information security to design systems of information protection matched to potential threats and taking into account specifics of production. Modeling threats of violation of information security allows the specialist for data protection obtaining sufficient arguments about the feasibility of a violator of the threats to specific automated control systems of technological processes, which contributes to the financing of the project. This paper is not limited to the consideration of only business process models as the only means of creating threat models in the field of information security, and offer EPC-modeling as one of the methods of building information security threats for automated control systems. The EPC models allow to describe ways of realization of the threats actual for modern automated control systems and to estimate probabilities of their realization.