Network attacks main danger indicators formation in Internal Affairs Bodies automated systems

摘要

The purpose of this study is to analyze the existing indicators used in information security implementing threats risk assessing in automated systems. The goal is to identify its advantages, disadvantages and application possibilities, when conducting implementing danger network attacks quantitative assessment on automated systems operated in a secure execution at the Internal Affairs Bodies informatization objects. To achieve this goal we use the method of system analysis of threat hazard indicators based on research of open literature sources, international and industry standards of the Russian Federation for information protection in automated systems, methodological and guiding documents and orders of the Federal service for technical and expert control of Russia on the problem of assessing the risk of unauthorized access to automated systems, as well as the regulatory framework of the Ministry of internal Affairs of Russia, regulating the operation of automated systems of internal Affairs bodies in a protected version. The risk model of the automated system is analyzed to make a correct choice of adequate indicators when conducting a quantitative analysis of the risk of information security violations. To conduct network attacks danger quantitative assessment and study them in a dynamic mode, the main directions for improving the identified indicators are proposed, taking into account Internal Affairs Bodies protected automated systems operation actual features and disadvantages. Development of a dynamic integral attack hazard indicator that reflects the real dynamic properties of the process of implementing a set of typical network attacks on an automated system, and improvement of existing mathematical software for assessing the risk of network attacks by determining the probability-time characteristics of multiple parallel attacks implemented model-based simulation will allow to quantify risk and increase the real security of the automated systems in process of their operation on the objects of Informatization of Internal Affairs bodies.