Methodical approach to quantitative assessment of the risks of the implementation of threats unauthorized access to an information resource automated systems of internal affairs bodies

Abstract

Objective. A characteristic feature of the current stage of development of the sphere of informatization of internal affairs bodies (OVD) is a significant increase in the volume and variety of types of service information of limited distribution, stored, processed and transmitted in automated systems (AS). This gives rise to the emergence of a large number and expansion of the range of threats to information security, primarily threats associated with unauthorized access (UAS) to the information resource of the ATS AS, and necessitates the improvement of existing methods to combat this type of crime in order to ensure the information security of objects of informatization of ATS. To obtain information that allows assessing the degree of threats, it is necessary to conduct a quantitative risk assessment.Method. The method for assessing the risks of implementing threats of unauthorized access to the information resource of the ATS AS and obtaining data in a quantitative representation is based on the use of mathematical modeling methods. The advantage of a quantitative assessment compared to a qualitative assessment is the ability to compare risks with the final result, which can be represented in monetary terms, and further use in assessing the likelihood of information threats and calculating the damage caused.Result. A methodical approach to the quantitative assessment of the risks of the implementation of UA threats to the information resource of the ATS AS is proposed, which makes it possible to assess the level of security of service information.Conclusion. The proposed methodological approach to quantitative assessment of the risks of the implementation of UA threats to the information resource of the ATS AS provides a visual representation in monetary terms of the objects of assessment (damage, costs). These calculations can be used to justify the requirements for the level of security of ATS ASs during their development and operation.