MODEL OF PARAMETERS FOR ASSESSING CONSEQUENCES OF LEAKAGE OFFICIAL INFORMATION FROM OBJECT OF CRITICAL INFRASTRUCTURE

Authors

DOI:

https://doi.org/10.28925/2663-4023.2024.26.691

Keywords:

object of critical infrastructure, consequences of leakage official information, model of parameters for assessment consequences

Abstract

There is a problem between the effectiveness of ensuring the stable and continuous functioning of a critical infrastructure facility in the process of providing it with basic services and/or vital functions and the effectiveness of the implemented methods, means and measures that do not provide a sufficient level of protection of critical information infrastructure facilities and, as a result, lead to the leakage of information with limited access, especially official information. To solve it, an analysis of the types of liability in case of disclosure of official information, classified by the amount of significant damage caused or serious consequences, was conducted. Criteria for restricting access and classifying types of information with limited access, especially for official information, were established as a “three-part test” to determine the relevant interest, purpose and its purpose, harm in case of disclosure and its counterbalance to the public interest in disclosure. Based on the conducted study of the list of service information of a separate critical infrastructure object, a basic model was developed, which, due to the integrated set-theoretic representation of sets characterizing the parameters of access restrictions, the information object, its set or individual indicators, the stamp, terms and types of marking of material carriers of service information, etc., allows, in accordance with the requirements of current legislation, to determine the sets of input and output components for forming a set of parameters for assessing the consequences of its leakage. Also, a hierarchical structure of this tuple model of the parameters for assessing the consequences of a leak of service information of a critical infrastructure object was built for the structuring of input and output data. In the future, to conduct experimental research and practical implementation of the above process, it is necessary to develop a method for assessing the consequences of the leakage of official information from object of critical infrastructure.

Downloads

Download data is not yet available.

References

On Access to Public Information, Law of Ukraine No. 2939-VI (2023). https://zakon.rada.gov.ua.

Latsyba, M., et al. (2011). Methodological Recommendations on Practical Implementation of the Law of Ukraine ‘On Access to Public Information’. Methodological recommendations. https://www.president.gov.ua.

Ogdanska, O., et al. (2014). Official information: the procedure of classification and access. A practical guide. http://za.inf.ua/bo/slizkonis_dsk.pdf.

Issues of Ensuring Access to Public Information by Executive Bodies, Decree of the President of Ukraine No. 547/2011 (2011). https://zakon.rada.gov.ua

Drais, Y. (2012). Taking into account the interests of the state in the methodology of damage assessment in the field of protection of state secrets. V International Conference on Integrated Intelligent Robotic Systems (IIRTC-2012), 316–318.

Korchenko, O., et al. (2014). Assessment of damage to the national security of Ukraine in case of leakage of state secrets. Monograph. https://repository.mu.edu.ua/jspui/handle/123456789/5221.

Kasperskyi, I. (2014). Classification features of proprietary information. Information security of a person, society, state, 3(16), 104–109.

Kasperskyi, I. (2020). Problems of legal regulation of the content of proprietary information in Ukraine. Information security of a person, society, state, 1–3 (28–30), 83–89.

Tkachuk, T., & Marchuk, V. (2012). Actual theoretical and practical problems of determining the legal nature of official information. Information security of a person, society, state, 3(10), 51–56.

Gumeniuk, I. (2012). Problems of protection of state secrets and proprietary information in the labour law aspect. Actual problems of managing the information security of the state, abstracts of the conference, 12–15.

Falchenko, S., et al. (2020). Method of Fuzzy Classification of Information with Limited Access. IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT), 255–259. https://doi.org/10.1109/ATIT50783.2020.9349358

Korchenko, O., & Dreis, Y. (2011). Protection of confidential information of the enterprise. Study guide.

Korchenko, O., & Dreis, Y. (2012). Model of a complex orientated information network of proprietary information in the defence sector - the List of proprietary information of the Armed Forces of Ukraine. Information Protection and Security of Information Systems, 10–11.

Dreis, Y., & Korchenko, O. (2014). The problem of forming a list of data constituting proprietary information. Actual problems of information security management of the state, 168–169.

Dreis, Y. (2021). Proprietary information: the amount of material damage in case of disclosure. XI International ITSec Conference, 7–8.

Dreis, Yu., et al. (2022). Restricted Information Identification Model. In: Cybersecurity Providing in Information and Telecommunication Systems, Vol. 3288, 89–95.

Korchenko, O., & Dreis, Y. (2022). A tuple model for the formation of a database of primary parameters for assessing the state of protection of state secrets. Information Security, 28(1), 35–42. https://doi.org/10.18372/2225-5036.28.16911

Dreis, Yu., et al. (2024). Model to Formation Data Base of Internal Parameters for Assessing the Status of the State Secret Protection. In: Cybersecurity Providing in Information and Telecommunication Systems, Vol. 3654, 277–289.

Dreis, Yu., et al. (2024). Model to Formation Data Base of Secondary Parameters for Assessing Status of the State Secret Protection. In: Cyber Security and Data Protection, Vol. 3800, 1–11.

Dreis, Yu. (2024). Method for assessing consequences of los a critical information infrastructure object by generalized criteria. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(25), 487–504. https://doi.org/10.28925/2663-4023.2024.25.487504

Korchenko, О., et al. (2017). Analysis problems in the field of state’s critical infrastructure. Projekt interdyscyplinarny projektem XXI wieku: Monograph, 1, 397–402.

Korchenko, О., et al. (2013). Synthesis methodology and software implementation system evaluation harm to national security in protection of state secrets. Ukrainian Journal of Information Security Research, 15(1), 14–20. https://doi.org/10.18372/2410-7840.15.4210

O. Korchenko, et al. (2017). Applied information security risk assessment systems. Monograph.

Mohor, V., & Honchar, S. (2019). Assessment of cyber security risks of information systems of critical infrastructure objects. Electronic Modeling, 41(6), 65–76.

Gnatyuk, S., et al. (2020). Basic aspects of confidential information security in critical information infrastructure objects. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(9), 170–181.

On Approval of the Rules for Ensuring the Protection of Information in Information, Electronic Communication and Information and Communication Systems, CMU Resolution, Rules No. 373 (2021). https://zakon.rada.gov.ua.

Some Issues of Critical Infrastructure Objects, Cabinet of Ministers of Ukraine, Resolution No. 1109 (2024). https://zakon.rada.gov.ua

Some issues of critical information infrastructure, Cabinet of Ministers of Ukraine, Resolution No. 943 (2022). https://zakon.rada.gov.ua

On Approval of the List of Data Containing Proprietary Information in the Ministry of Education and Science of Ukraine, Ministry of Education and Science of Ukraine, Order No. 1 (2019). https://mon.gov.ua

On Approval of the Standard Instruction on the Procedure for Keeping Records, Storage, Use and Destruction of Documents and Other Material Media Containing Proprietary Information, CMU Resolution No. 736 (2023). https://zakon.rada.gov.ua

Hulak, H. M., Zhiltsov, O. B., Kyrychok, R. V., Korshun, N. V., & Skladannyi, P. M. (2024). Information and cyber security of the enterprise. Textbook. Lviv: Publisher Marchenko T. V.

Downloads


Abstract views: 8

Published

2024-12-19

How to Cite

Dreis, Y. (2024). MODEL OF PARAMETERS FOR ASSESSING CONSEQUENCES OF LEAKAGE OFFICIAL INFORMATION FROM OBJECT OF CRITICAL INFRASTRUCTURE . Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 2(26), 200–211. https://doi.org/10.28925/2663-4023.2024.26.691