Analysis and Classification of Potentially Unauthorized Actions to Information in Automatic and Automated Systems Resource Areas

Abstract

The issues of filling the relevant nodes of the system of proactive information management and security events, the methodology for calculating risks on the basis of objective assessments for the possibility of increasing the veracity of expert assessments. The proposed methodology is necessary for the most accurate calculation of the risk regarding the security of information resources of intelligent information systems. The methodology is also intended for the purpose of organizing operational recommendations for the protection of information in the computer system of the enterprise in real time. Risks calculations are based on interrelated objective assessments of the probabilities of the number of unfavorable events, predictions of the values of damage estimates from information security breaches. For on-line searching of necessary information in real time, an ontological approach with elements of the integrated representation is provided. To clarify the picture of a more precise definition of the vulnerabilities of information resources in the intellectual information systems of the enterprise and better management of information and security events, a generalized formula is proposed that is based on various probability indicators of access by an attacker to the information resources of automated and automatic systems.