METHODOLOGY OF INFORMATION SECURITY RISK ASSESSMENT OF ELECTRONIC RESOURCES UNDER UNAUTHORIZED ACCESS THREATS

Authors

  • Komil Kerimov, Department of System and Applied Programming, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi (UZ)
  • Zarina Azizova, Department of Information Security, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi (UZ)

DOI:

https://doi.org/10.17770/etr2024vol2.8043

Keywords:

computer network, vulnerability, risks, information security, artifacts, testing

Abstract

The article proposes a methodology for assessing the information security risk of a computer network, based on an analysis of the vulnerability attributes, protection attributes, and security attributes of information system elements. From the results of the research, a space of information protection signs is formed. The article presents an analysis of possible variants of unauthorized-access threats to the electronic resources of a computer network, together with solutions for reducing information security risks. Quantitative indicators obtained by applying the proposed methodology to assess the risk of unauthorized-access threats to the electronic resources of a computer network confirm its effectiveness; the methodology can be used to improve the level of protection of electronic resources in organizations.

 



Published

2024-06-22

How to Cite

[1]
K. Kerimov and Z. Azizova, “METHODOLOGY OF INFORMATION SECURITY RISK ASSESSMENT OF ELECTRONIC RESOURCES UNDER UNAUTHORIZED ACCESS THREATS”, ETR, vol. 2, pp. 155–161, Jun. 2024, doi: 10.17770/etr2024vol2.8043.