Biblio

The problem of information security of critical information infrastructure objects in the conditions of openness is formulated. The concept of information infrastructure openness is analyzed. An approach to assessing the openness of an information system is presented. A set-theoretic model of information resources openness was developed. The formulation of the control problem over the degree of openness with restrictions on risk was carried out. An example of solving the problem of finding the coefficient of openness is presented.

Archival services are one of the main functions of an information security management system for archival management, and the conversion and updating of archival intelligence services is an important means to meet the increasing diversity and wisdom of the age of intelligence. The purpose of this paper is to study an information security management system for archival management based on embedded artificial intelligence. The implementation of an embedded control management system for intelligent filing cabinets is studied. Based on a configurable embedded system security model, the access control process and the functional modules of the system based on a secure call cache are analysed. Software for wireless RF communication was designed, and two remote control options were designed using CAN technology and wireless RF technology. Tests have shown that the system is easy to use, feature-rich and reliable, and can meet the needs of different users for regular control of file room management.

In this paper, a sliding mode control (SMC) based on nonlinear disturbance observer and intermittent control is proposed to maximize the security of cyber-physical systems (CPSs), aiming at the cyber-attacks and physical uncertainties of cyber-physical systems. In the CPSs, the transmission of information data and control signals to the remote end through the network may lead to cyber attacks, and there will be uncertainties in the physical system. Therefore, this paper establishes a CPSs model that includes network attacks and physical uncertainties. Secondly, according to the analysis of the mathematical model, an adaptive SMC based on disturbance observer and intermittent control is designed to keep the CPSs stable in the presence of network attacks and physical uncertainties. In this strategy, the adaptive strategy suppresses the controller The chattering of the output. Intermittent control breaks the limitations of traditional continuous control to ensure efficient use of resources. Finally, to prove the control performance of the controller, numerical simulation results are given.

The article deals with the issues of improving the quality of corporate information systems functioning and ensuring the information security of financial organizations that have a complex structure and serve a significant number of customers. The formation of the company's informational system and its integrated information security system is studied based on the process approach, methods of risk management and quality management. The risks and threats to the security of the informational system functioning and the quality of information support for customer service of a financial organization are analyzed. The methods and tools for improving the quality of information services and ensuring information security are considered on the example of an organization for social insurance. Recommendations are being developed to improve the quality of the informational system functioning in a large financial company.

The proposed method allows us to determine the predicted value of the complex systems information security risk and its confidence interval using regression analysis and fuzzy logic in terms of the risk dependence on various factors: the value of resources, the level of threats, potential damage, the level of costs for creating and operating the system, the information resources control level.

In the course of the research, the research of discriminatory methods of handling video information resource based on the JPEG platform was carried out. This research showed a high interest of the scientific world in identifying important data at different phases of handling. However, the discriminatory handling of the video information resource after the quantization phase is not well understood. Based on the research data, the goal is to find possible ways to operation a video information resource based on a JPEG platform in order to identify important data in a telecommunications system. At the same time, the proposed strategies must provide the required pace of dynamic picture grade and hiding in the context of limited bandwidth. The fulfillment of the condition with limited bandwidth is achieved through the use of a lossless compression algorism based on arithmetic coding. The purpose of the study is considered to be achieved if the following requirements are met:1.Reduction of the volume of dynamic pictures by 30% compared to the initial amount;2.The quality pace is confirmed by an estimate of the peak signal-to-noise ratio for an authorized user, which is Ψauthor ≥ 20 dB;3.The pace of hiding is confirmed by an estimate of the peak signal-to-noise ratio for unauthorized access, which is Ψunauthor ≤ 9 dBThe first strategy is to use encryption tables. The advantage of this strategy is its high hiding strength.The second strategy is the important matrix method. The advantage of this strategy is higher performance.Thus, the goal of the study on the development of possible ways of handling a video information resource based on a JPEG platform in order to identify important data in a telecommunication system with the given requirements is achieved.

Multi-Agent system has the advantages of information sharing, knowledge accumulation and system stability, which is consistent with the concept of collaborative co-governance of public crisis management, and provides support for dealing with sudden public crises. Based on the background of the all-media environment, this study introduces the Internet-driven mass data management (“ crowdsourcing” crisis management) as a part of the crisis response system to improve the quality of information resource sharing. Crowdsourcing crisis management and Multi-Agent collaborative co-governance mechanism are combined with each other, so as to achieve a higher level of joint prevention and control mechanism, and explore how to effectively share information resources and emergency management resources across regions and departments in public crisis events.

In this article we have developed a simulation model in the Mininet environment for analyzing the operation of a software-defined network (SDN) in cloud data centers. The results of the simulation model of the operation of the SDN network on the Mininet emulator and the results of the simulation of the traditional network in the Graphical Network Simulator 3 emulator are presented.

The biometric system of access to information resources has been developed. The software and hardware complex are designed to protect information resources and personal data from unauthorized access using the principle of user authentication by fingerprints. In the developed complex, the traditional input of login and password was replaced by applying a finger to the fingerprint scanner. The system automatically recognizes the fingerprint and provides access to the information resource, provides encryption of personal data and automation of the authorization process on the web resource. The web application was implemented using the Bootstrap framework, the 000webhost web server, the phpMyAdmin database server, the PHP scripting language, the HTML hypertext markup language, along with cascading style sheets and embedded scripts (JavaScript), which created a full-fledged web-site and Google Chrome extension with the ability to integrate it into other systems. The structural schematic diagram was performed. The design of the device is offered. The algorithm of the program operation and the program of the device operation in the C language are developed.

Research Purpose: The distributed, traceable and security of blockchain technology are applicable to the construction of new government information resource models, which could eliminate the barn effect and trust in government information sharing, as well as promoting the transformation of government affairs from management to service, it is also of great significance to the sharing of government information and construction of service-oriented e-government. Propose Methods: By analyzing the current problems of government information sharing, combined with literature research, this paper proposes the theoretical framework and advantages of blockchain technology applied to government information management and sharing, expounds the blockchain-based solution, it also constructs a government information sharing model based on blockchain, and gives implementation strategies at the technical and management levels. Results and Conclusion: The government information sharing model based on the blockchain solution and the transparency of government information can be used as a research framework for information interaction analysis between the government and users. It can also promote the construction and development of information sharing for Chinese government, as well as providing unified information sharing solution at the departmental and regional levels for e-government.

With the increase in the number of cyber attacks on industrial control systems, especially in critical infrastructure facilities, the problem of comprehensive analysis of the security of such systems becomes urgent. This, in turn, requires the availability of fundamental mathematical, methodological and instrumental basis for modeling automated systems, modeling attacks on their information resources, which would allow realtime system protection analysis. The paper proposes a basis for simulating protected industrial control systems, based on the developed reference security model, and a model for attacks on information resources of automated systems. On the basis of these mathematical models, a complex model of a protected automated system was developed, which can be used to build protection systems for automated systems used in production.

Among the threats to information systems of state institutions, enterprises and financial organizations of particular importance are those originating from organized criminal groups that specialize in obtaining unauthorized access to the computer information protected by law. Criminal groups often possess a material base including financial, technical, human and other resources that allow to perform targeted attacks on information resources as secretly as possible. The principal features of such targeted attacks are the use of software created or modified specifically for use in illegal purposes with respect to specific organizations. Due to these circumstances, the detection of such attacks is quite difficult, and their prevention is even more complicated. In this regard, the task of identifying and analyzing such threats is very relevant. One effective way to solve it is to implement the Honeypot system, which allows to research the strategy and tactics of the attackers. In the present article, there is proposed the original architecture of the Honeypot system designed to study targeted attacks on information systems of criminogenic objects. The architectural design includes such basic elements as the functional component, the registrar of events occurring in the system and the protector. The key features of the proposed Honeypot system are considered, and the functional purpose of its main components is described. The proposed system can find its application in providing information security of institutions, organizations and enterprises, it can be used in the development of information security systems.

Information on cyber incidents and threats are currently collected and processed with a strong technical focus. Threat and vulnerability information alone are not a solid base for effective, affordable or actionable security advice for decision makers. They need more than a small technical cut of a bigger situational picture to combat and not only to mitigate the cyber threat. We first give a short overview over the related work that can be found in the literature. We found that the approaches mostly analysed “what” has been done, instead of looking more generically beyond the technical aspects for the tactics, techniques and procedures to identify the “how” it was done, by whom and why. We examine then, what information categories and data already exist to answer the question for an adversary's capabilities and objectives. As traditional intelligence tries to serve a better understanding of adversaries' capabilities, actions, and intent, the same is feasible in the cyber space with cyber intelligence. Thus, we identify information sources in the military and civil environment, before we propose to link that traditional information with the technical data for a better situational picture. We give examples of information that can be collected from traditional intelligence for correlation with technical data. Thus, the same intelligence operational picture for the cyber sphere could be developed like the one that is traditionally fed from conventional intelligence disciplines. Finally we propose a way of including intelligence processing in cyber analysis. We finally outline requirements that are key for a successful exchange of information and intelligence between military/civil information providers.