<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">vdgtu</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Дагестанского государственного технического университета. Технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of Dagestan State Technical University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2073-6185</issn><issn pub-type="epub">2542-095X</issn><publisher><publisher-name>Daghestan State Technical University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21822/2073-6185-2025-52-3-135-151</article-id><article-id custom-type="elpub" pub-id-type="custom">vdgtu-1847</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS</subject></subj-group></article-categories><title-group><article-title>Методология выбора критериев эффективности системы информационной безопасности при имитационных атаках Red Team</article-title><trans-title-group xml:lang="en"><trans-title>Methodology for selecting effectiveness criteria of information Security Systems during Red Team simulated attacks</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-1539-0457</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Резниченко</surname><given-names>С. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Reznichenko</surname><given-names>S. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Резниченко Сергей Анатольевич, кандидат технических наук, доцент, доцент кафедры информационной безопасности.</p><p>125167, Москва, Ленинградский пр-т, 49/2; 115409, Москва, Каширское шоссе, 31; 125047, Москва, Миусская площадь, д. 6</p></bio><bio xml:lang="en"><p>Sergey A. Reznichenko - Cand.Sci. (Eng.), Assoc. Prof.; Assoc. Prof., Department of Information Security.</p><p>49 Leningradsky Ave., Moscow 125167; 31, Kashirskoe Highway, Moscow 115409; 6, Miusskaya Square, Moscow 125047</p></bio><email xlink:type="simple">rsa_5@bk.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0008-4465-2998</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Турабов</surname><given-names>Д. Р.</given-names></name><name name-style="western" xml:lang="en"><surname>Turabov</surname><given-names>D. R.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Джавад Ринатович Турабов - студент 4 курса.</p><p>125167, Москва, Ленинградский пр-т, 49/2</p></bio><bio xml:lang="en"><p>49 Leningradsky Ave., Moscow 125167</p></bio><email xlink:type="simple">222331@edu.fa.ru</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Финансовый университет при Правительстве Российской Федерации; Национальный исследовательский ядерный университет «МИФИ»; Российский государственный гуманитарный университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Financial University under the Government of the Russian Federation; National Research Nuclear University "MEPhI", (Moscow Engineering Physics Institute); Russian State University for the Humanities</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Финансовый университет при Правительстве Российской Федерации</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Financial University under the Government of the Russian Federation</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>10</day><month>11</month><year>2025</year></pub-date><volume>52</volume><issue>3</issue><fpage>135</fpage><lpage>151</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Резниченко С.А., Турабов Д.Р., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Резниченко С.А., Турабов Д.Р.</copyright-holder><copyright-holder xml:lang="en">Reznichenko S.A., Turabov D.R.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.dgtu.ru/jour/article/view/1847">https://vestnik.dgtu.ru/jour/article/view/1847</self-uri><abstract><sec><title>Цель</title><p>Цель. В статье предлагается методология выбора критериев оценки эффективности системы информационной безопасности организации на основе проведения имитационных атак типа Red Team. Актуальность исследования обусловлена ростом сложности кибератак и потребностью в объективной проверке готовности организаций различного масштаба – от объектов критической информационной инфраструктуры до финансового и государственного секторов – противостоять целенаправленным атакам.</p></sec><sec><title>Метод</title><p>Метод. Методология сочетает сравнительный анализ существующих подходов, кейс-стади реальных киберучений, моделирование угроз (с опорой на матрицу MITRE ATT&amp;CK) и экспертные интервью со специалистами по безопасности.</p></sec><sec><title>Результат</title><p>Результат. Проведен обзор нормативных документов (российских ГОСТ и федеральных законов, стандартов ФСТЭК, международных стандартов ISO/IEC 27001, рекомендаций NIST SP 800-53) и современных практик команд Red Team/Blue Team, включая использование систем SIEM, SOAR и XDR. Произведена классификация показателей эффективности защиты (время обнаружения инцидента, скорость реагирования, полнота выявления атак и др.), иллюстрированные примерами из практики и схемами архитектуры центров мониторинга безопасности с интеграцией SIEM/SOAR.</p></sec><sec><title>Вывод</title><p>Вывод. Представлены альтернативные подходы к оценке (аудит без активных атак, пентесты), ограничения и риски Red Team-методов, даны рекомендации по учету результатов имитационных атак в нормативном регулировании и корпоративном аудите.</p></sec></abstract><trans-abstract xml:lang="en"><sec><title>Objective</title><p>Objective. A methodology is proposed for selecting criteria for assessing the effectiveness of an organization's information security system based on conducting simulated Red Team attacks. This urgency is driven by the growing sophistication of cyberattacks and the need to test the readiness of organizations of various sizes from critical information infrastructure facilities to the financial and government sectors to withstand targeted attacks.</p></sec><sec><title>Method</title><p>Method. The methodology combines a comparative analysis of existing approaches, case studies of real cyber exercises, threat modeling (based on the MITRE ATT&amp;CK matrix), and expert interviews with security specialists.</p></sec><sec><title>Result</title><p>Result. A review of regulatory documents (Russian GOST standards and federal laws, FSTEK guidelines, international standards ISO/IEC 27001 and NIST SP 800-53) and modern Red Team/Blue Team practices, including the use of SIEM, SOAR, and XDR systems, is conducted. A classification of security performance indicators (incident detection time, response speed, attack detection rate, etc.) is provided, illustrated with practical examples and architecture diagrams of security monitoring centers with SIEM/SOAR integration.</p></sec><sec><title>Conclusion</title><p>Conclusion. Alternative approaches to assessment (audit without active attacks, pentests), limitations and risks of Red Team methods and recommendations for taking into account the results of simulated attacks in regulatory frameworks and corporate audits are provided.</p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>информационная безопасность</kwd><kwd>имитационные атаки</kwd><kwd>Red Team</kwd><kwd>Blue Team</kwd><kwd>критерии эффективности</kwd><kwd>SIEM</kwd><kwd>SOAR</kwd><kwd>критическая инфраструктура</kwd><kwd>показатели безопасности</kwd><kwd>оценка защищенности</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information security</kwd><kwd>simulated attacks</kwd><kwd>Red Team</kwd><kwd>Blue Team</kwd><kwd>effectiveness criteria</kwd><kwd>SIEM</kwd><kwd>SOAR</kwd><kwd>critical infrastructure</kwd><kwd>security metrics</kwd><kwd>security assessment</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Федеральный закон от 27.07.2006 № 152-ФЗ (ред. от 29.12.2022) «О персональных данных» [Электронный ресурс]. – Режим доступа: http://www.consultant.ru/document/cons_doc_LAW_61801/, свободный. – Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">Federal Law of July 27, 2006 No.152-FZ (as amended on December 29, 2022)"On Personal Data" [Electronic resource]. Access mode:http://www.consultant.ru/document/cons_doc_LAW_61801/free. Date of access:March 28, 2025.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Федеральный закон от 26.07.2017 № 187-ФЗ (ред. от 14.07.2022) «О безопасности критической информационной инфраструктуры Российской Федерации» [Электронный ресурс]. – Режим доступа: http://www.consultant.ru/document/cons_doc_LAW_221160/, свободный. Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">Federal Law of July 26, 2017 No. 187-FZ (as amended on July 14, 2022) "On the Security of Critical Information Infrastructure of the Russian Federation" [Electronic resource]. Access mode: http://www.consultant.ru/document/cons_doc_LAW_221160/, free. Date of access: March 28, 2025.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">ГОСТ Р 57580.1-2017. Безопасность финансовых (банковских) организаций. Защита информации. Часть 1. Общие положения [Текст]. – М.: Стандартинформ, 2017. – 34 с.</mixed-citation><mixed-citation xml:lang="en">GOST R 57580.1-2017. Security of financial (banking) organizations. Information protection. Part 1. General provisions [Text]. – M.: Standartinform, 2017. 34 p.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27001:2013. Information technology – Security techniques – Information security management systems – Requirements. – Geneva: ISO, 2013. – 39 p.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27001:2013. Information technology – Security techniques – Information security management systems – Requirements. – Geneva: ISO, 2013. 39 p.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">ISO/IEC 27004:2016. Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation. – Geneva: ISO, 2016. – 55 p.</mixed-citation><mixed-citation xml:lang="en">ISO/IEC 27004:2016. Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation. – Geneva: ISO, 2016. – 55 p.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">NIST SP 800-53 Rev. 5. Security and Privacy Controls for Information Systems and Organizations [Электронный ресурс]/National Institute of Standards and Technology, 2020. – Режим доступа: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final, свободный. – Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">NIST SP 800-53 Rev. 5. Security and Privacy Controls for Information Systems and Organizations [Electronic resource]National Institute of Standards and Technology, 2020. –https://csrc.nist.gov/publications/detail/sp/800-53/rev5/final, свободный. – Date of access: 28.03.2025.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Hollis R. Red team testing: essential KPIs and metrics. Cyber Security: A Peer-Reviewed Journal. 2024; 7(4): 323–332.</mixed-citation><mixed-citation xml:lang="en">Hollis R. Red team testing: essential KPIs and metrics. Cyber Security: A Peer-Reviewed Journal. 2024;7(4):323–332.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">CISA. Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks [Электронный ресурс].Cybersecurity Advisory AA23-059A. 2023. https://www.cisa.gov/sites/default/files/2023-03/cisared-team-advisory-aa23-059a.pdf, свободный. – Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">CISA. Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks [Electronic resource]. – Cybersecurity Advisory AA23-059A. – 2023. https://www.cisa.gov/sites/default/files/2023-03/cisa-red-team-advisoryaa23-059a.pdf, свободный. – Date of access:: 28.03.2025.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">TechTarget. SIEM vs. SOAR vs. XDR: Evaluate the differences [Электронный ресурс]. – 2024. – Режим доступа: https://www.techtarget.com, свободный. – Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">TechTarget. SIEM vs. SOAR vs. XDR: Evaluate the differences [Electronic resource]. 2024. https://www.techtarget.com, свободный. – Date of access: 28.03.2025.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Secureframe. 110+ Latest Data Breach Statistics [Электронный ресурс]. – 2025. – Режим доступа: https://secureframe.com/blog/data-breach-statistics, свободный. – Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">Secureframe. 110+ Latest Data Breach Statistics [Electronic resource]. 2025. https://secureframe.com/blog/data-breachstatistics. Date of access:28.03.2025.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">SentinelOne. What is SIEM Architecture? Components &amp; Best Practices [Электронный ресурс]. – 2024. – Режим доступа: https://www.sentinelone.com/, свободный. – Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">SentinelOne. What is SIEM Architecture? Components &amp; Best Practices [Electronic resource]. 2024.: https://www.sentinelone.com/Date of access: 28.03.2025.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Solar Security. Red Teaming: описание услуги [Электронный ресурс]. – Режим доступа: https://www.solar.ru/services/red-teaming/, свободный. – Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">Solar Security. Red Teaming: описание услуги [Electronic resource]. https://www.solar.ru/services/red-teaming/, свободный. – Date of access: 28.03.2025.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Bank for International Settlements (BIS). Varying shades of red: red team testing frameworks // FSI Insights on Policy Implementation. 2022.No.21.Режим доступа: https://www.bis.org/fsi/publ/insights21.pdf, свободный. – Дата обращения: 28.03.2025.</mixed-citation><mixed-citation xml:lang="en">Bank for International Settlements (BIS). Varying shades of red: red team testing frameworks. FSI Insights on Policy Implementation. – 2022:21. https://www.bis.org/fsi/publ/insights21.pdf. Date of access: 28.03.2025.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
