Individual authors: Revnivykh A.V., Fedotov A.M.
Title: Root Causes of Information Systems Vulnerabilities
Bibliographic reference: Revnivykh A.V., Fedotov A.M. Root Causes of Information Systems Vulnerabilities // Indian Journal of Science and Technology. - 2015. - Vol. 8. - No. 36. - ISSN 0974-6846. - EISSN 0974-5645.
External systems: DOI: 10.17485/ijst/2015/v8i36/90549; SCOPUS: 2-s2.0-84992520116
Abstract (eng): The article analyzes information security from the standpoint of the causes that trigger vulnerabilities in information technologies and systems. Methods/Statistical Analysis: Information technologies are based on three interdependent components, namely hardware, software and human resources (Figure 1). The susceptibility of the resulting technologies to a number of threats to information security takes root in each of these components, both taken separately and in their complex combination. Findings: Data processing centers are a way to centralize the resources of an organization's information infrastructure. Implementing such centers increases system reliability and information availability as a whole and reduces the load on the organization's data transmission network. Meanwhile, data processing centers are an expensive option, and not every company can afford one. In addition, founding and operating such centers efficiently requires highly qualified personnel. Modern information systems suffer from security imperfections. The main cause of their vulnerabilities lies in their complexity, which stems from the fact that information systems consist of a number of interrelated components designed and produced separately by different teams. As civilization develops, this complexity increases steadily, so there is a pressing need to work out measures. Applications/Improvements: May be used as guidance for improving the quality of testing of information system components and their compatibility.
Keywords: Vulnerability Risks; Vulnerabilities; Human Factor; Security; Information Systems
Published: 2015