METHODS FOR ASSESSING INFORMATION SECURITY IN COMMUNICATION NETWORKS
DOI:
https://doi.org/10.28925/2663-4023.2025.27.767Keywords:
information protection, cybersecurity, system security indicator, weighting coefficients, models, vulnerabilitiesAbstract
The article considers methodological approaches to determining and assessing information security indicators in modern security systems. The authors focus on the complexity of the process of selecting indicators to assess the level of security, which requires taking into account a wide range of factors. These include the characteristics of protected components, destabilizing environmental influences, protection mechanisms, and the time aspect, which plays a key role in predicting the effectiveness of protective measures. A generalized approach to constructing an integral indicator is proposed, which allows for a comprehensive assessment of the state of information security. This approach is based on the formation of a system of vectors that include initial characteristics, complex security indicators, security parameters, and weighting factors. This method provides the ability to take into account various aspects of security and their relationships.
For the practical application of security assessment models, three main methodological approaches are distinguished: empirical, theoretical, and combined theoretical-empirical. Practical recommendations are given for the effective application of assessment models. In particular, the need to involve highly qualified specialists who are able to adequately interpret the data obtained is emphasized. It is important to consider the behavior of indicators when changing input data, which allows predicting the system's response to new threats. To select the optimal variant of the protection system, it is proposed to use a modified minimax criterion. This approach allows taking into account the set of private quality criteria and provides the best value among the worst normalized indicators. This method provides a balance between various aspects of security, helping to find the optimal solution when designing and evaluating information protection systems.
The proposed methodological approaches and practical recommendations are of great importance for increasing the effectiveness of information protection systems. They allow not only to assess the current state of security, but also to predict possible risks, which is important for ensuring the long-term stability of information systems.
Downloads
References
Brailovskyi, M. M., Khoroshko, V. O., & Khoroshko, O. V. (1999). Optimization of parameter choice of information protection system. Proceedings of the National Aviation University, 2(1). https://doi.org/10.18372/2306-1472.2.9319
Laptiev, O. A., Sobchuk, V. V., & Savchenko, V. A. (2019). A method of increasing the noise immunity of the system for detection, recognition and localisation of digital signals in information systems. Collection of scientific papers of the Military Institute of Taras Shevchenko National University of Kyiv, 66, 124–132.
Laptiev, O., Pohasii, S., Milevskyi, S., Sobchuk, A., & Barabash, A. (2021). Detection illegal of means of obtaining of information by the method of determining the deviation of characteristics of radio signal from the specified parameters. Znanstvena misel journal. Slovenia, 1(61), 23–29.
Kyrychok, R., Laptiev, O., Lisnevsky, R., Kozlovsky, V. & Klobukov, V. (2022). Development of a method for checking vulnerabilities of a corporate network using bernstein transformations. Eastern-European Journal of Enterprise Technologies, 1(9(115), 93–101. https://doi.org/10.15587/1729-4061.2022.253530.
Berkman, L. N., Barabash, O. V., Tkachenko, O. M., Musiienko, A. P., Laptiev, O. A., & Svynchuk, O. V. (2022). Intelligent control system for information and communication networks. Navigation and communication control systems, 3(69), 54–59. https://doi.org/10.26906/SUNZ.2022.3
Kudinov, V. O., & Khoroshko, V. O. (2005). Methodology of system design of the corporate network of the internal affairs agencies of Ukraine. Protection of information, 2, 4–13.
Kudinov, V. O., Plus, D. V., Khoroshko, V. O., & Chyrkov, D. V. (2005). Methodology for synthesising the optimal topology of a corporate network structure. Information security, 1, 12–21.
Information Security Management Systems — Requirements . International Organization for Standardization (ISO/IEC 27001:2022) (2022).
Hryshchuk, R. V. (2008). Quantitative assessment of the level of security of electronic computing equipment objects taking into account their functioning in the conditions of information conflict. Bulletin of the Higher Technical School of the State Technical University of Ukraine Technical sciences: computer science, computer engineering, 3(46), 113–120.
Buriachok, V. L. (2011). Algorithm for assessing the degree of security of special information and telecommunication systems. Protection of information, 3(52), 19–27.
Laptiev, O., & Zozulia, S. (2023). The method of exclusion of known signals when scanning a specified radio range. Electronic Professional Scientific Journal “Cybersecurity: Education, Science, Technique”, 2(22), 31–38. https://doi.org/10.28925/2663-4023.2023.22.3138
Laptiev, S. (2022). The advanced method of protection of personal data from attacks using social engineering algorithms. Electronic Professional Scientific Journal “Cybersecurity: Education, Science, Technique”, 4(16), 45–62. https://doi.org/10.28925/2663-4023.2022.16.4562
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Олександр Лаптєв, Віталій Савченко, Алла Кобозева, Анатолій Салій, Тимур Куртсеітов
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
