Individual authors: Mukhanova A.A., Fedotov A.M.
Title: Vulnerability Classification of Information Security in Corporate Systems
Bibliographic reference: Mukhanova A.A., Fedotov A.M. Vulnerability Classification of Information Security in Corporate Systems // Information. - 2014. - Vol.17. - Iss. 1. - P.219-228. - ISSN 1343-4500. - EISSN 1344-8994. - http://db4.sbras.ru:8080/xmlui/bitstream/handle/SBRAS/415/mukhanova_1_2014.pdf
External systems: РИНЦ (Russian Science Citation Index): 21874575; SCOPUS: 2-s2.0-84899676166;
Abstract: The project is devoted to detection of vulnerabilities of information security in corporate systems. As an example for the detailed analysis was taken a network attack to level of reference model of open systems interaction (ISO/OSI) on which the threat is realized which uses vulnerabilities of protocols of network interaction. For convenience of the analysis vulnerabilities are classified into various types and are presented in the form of a tree of rubricators. Possible violations of information safety and vulnerability of several protocols of TCP/IP stack are listed. Such classification is logically finished and proved as it covers all stages of life cycle of information systems. Key words: information security, threat classification, vulnerability classification, an access to information, dispersed informational resources.
Published: Japan: International Information Institute, 2014
Physical description: pp. 219-228
Link: http://db4.sbras.ru:8080/xmlui/bitstream/handle/SBRAS/415/mukhanova_1_2014.pdf