<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">vdgtu</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Дагестанского государственного технического университета. Технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of Dagestan State Technical University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2073-6185</issn><issn pub-type="epub">2542-095X</issn><publisher><publisher-name>Daghestan State Technical University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21822/2073-6185-2025-52-3-183-190</article-id><article-id custom-type="elpub" pub-id-type="custom">vdgtu-1851</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS</subject></subj-group></article-categories><title-group><article-title>Основные подходы к оценке защищенности информационных систем и перспективы их применения в органах внутренних дел Российской Федерации</article-title><trans-title-group xml:lang="en"><trans-title>Basic approaches to assessing the Security of Information Systems and prospects for their application in the internal affairs agencies of the Russian Federation</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Янгиров</surname><given-names>А. И.</given-names></name><name name-style="western" xml:lang="en"><surname>Yangirov</surname><given-names>A. I.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Адиль Илдарович Янгиров - начальник отделения лабораторных исследований и испытаний.</p><p>11539, Москва, Реутовская, 12Б</p></bio><bio xml:lang="en"><p>Adil I. Yangirov - Head of the Laboratory Research and Testing.</p><p>12 B Reutovskaya Str., Moscow 111539</p></bio><email xlink:type="simple">adil-yan@yandex.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Черкасова</surname><given-names>А. С.</given-names></name><name name-style="western" xml:lang="en"><surname>Cherkasova</surname><given-names>A. S.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Анастасия Сергеевна Черкасова - адъюнкт очной формы обучения.</p><p>394065, Воронеж, проспект Патриотов, 53</p></bio><bio xml:lang="en"><p> </p><p>Anastasia S. Cherkasova - full-time Adjunct Student.</p><p>53 Patriotov Ave., Voronezh 394065</p></bio><email xlink:type="simple">cherkasova.30@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ефимов</surname><given-names>А. О.</given-names></name><name name-style="western" xml:lang="en"><surname>Efimov</surname><given-names>A. O.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Алексей Олегович Ефимов - преподаватель кафедры автоматизированных информационных систем ОВД.</p><p>394065, Воронеж, проспект Патриотов, 53</p></bio><bio xml:lang="en"><p>Aleksey O. Efimov - Lecturer, Department of Automated Information Systems of Internal Affairs Bodies.</p><p>53 Patriotov Ave., Voronezh 394065</p></bio><email xlink:type="simple">ea.aleksei@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Рогозин</surname><given-names>Е. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Rogozin</surname><given-names>E. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Евгений Алексеевич Рогозин - доктор технических наук, профессор, профессор кафедры автоматизированных информационных систем ОВД.</p><p>394065, Воронеж, проспект Патриотов, 53</p></bio><bio xml:lang="en"><p>Evgeny A. Rogozin - Dr. Sci. (Eng.), Assoc. Prof., Prof., Department of Automated Information Systems of Internal Affairs Bodies.</p><p>53 Patriotov Ave., Voronezh 394065</p></bio><email xlink:type="simple">evgenirogozin@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ахлюстин</surname><given-names>С. Б.</given-names></name><name name-style="western" xml:lang="en"><surname>Akhlyustin</surname><given-names>S. B.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Сергей Борисович Ахлюстин - кандидат технических наук, начальник кафедры тактико–специальной подготовки.</p><p>394065, Воронеж, проспект Патриотов, 53</p></bio><bio xml:lang="en"><p>Sergey B. Akhlyustin - Cand. Sci. (Eng.), Head of the Department of Tactical and Special Training.</p><p>53 Patriotov Ave., Voronezh 394065</p></bio><email xlink:type="simple">cerg7676@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>ФКУ «НИЦ «Охрана» Росгвардии</institution><country>Россия</country></aff><aff xml:lang="en"><institution>FSI «SRC «Okhrana» of the Federal Service of National Guard of Russia</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Воронежский институт МВД России</institution><country>Россия</country></aff><aff xml:lang="en"><institution>FSI «SRC «Okhrana» of the Federal Service of National Guard of Russia</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>10</day><month>11</month><year>2025</year></pub-date><volume>52</volume><issue>3</issue><fpage>183</fpage><lpage>190</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Янгиров А.И., Черкасова А.С., Ефимов А.О., Рогозин Е.А., Ахлюстин С.Б., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Янгиров А.И., Черкасова А.С., Ефимов А.О., Рогозин Е.А., Ахлюстин С.Б.</copyright-holder><copyright-holder xml:lang="en">Yangirov A.I., Cherkasova A.S., Efimov A.O., Rogozin E.A., Akhlyustin S.B.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.dgtu.ru/jour/article/view/1851">https://vestnik.dgtu.ru/jour/article/view/1851</self-uri><abstract><sec><title>Цель</title><p>Цель. В статье проведен анализ основных подходов к оценке защищенности информационных систем, выделены их преимущества и недостатки, рассмотрена их применимость для органов внутренних дел Российской Федерации. Целью исследования является определение перспектив развития методологических подходов к оценке защищенности органов внутренних дел Российской Федерации. Метод. Исследование опирается на изучение различных методов оценки защищенности информационных систем, а также на анализ научной литературы и публикаций по данной теме.</p></sec><sec><title>Результат</title><p>Результат. Предложен подход к дальнейшему развитию методов оценки защищенности информационных систем с учетом специфики органов внутренних дел Российской Федерации.</p></sec><sec><title>Вывод</title><p>Вывод. Отмечается перспективность исследований в рамках создания специализированного программного обеспечения, объединяющего в себе экспертные знания и количественные алгоритмы, которое могло бы упростить оценку защищенности информационных систем органов внутренних дел, обеспечив точность, доступность и адаптивность к специфике правоохранительной деятельности. Такое программное обеспечение стало бы ценным инструментом для повышения безопасности данных органов внутренних дел, минимизации рисков и оптимизации ресурсов, открывая новые возможности для защиты критически важных информационных систем.</p></sec></abstract><trans-abstract xml:lang="en"><sec><title>Objective</title><p>Objective. The article analyzes the main approaches to assessing the security of information systems, highlights their advantages and disadvantages, and considers their applicability to the internal affairs bodies of the Russian Federation. The aim of the study is to determine the prospects for the development of methodological approaches to assessing the security of internal affairs bodies of the Russian Federation.</p></sec><sec><title>Method</title><p>Method. The present study is based on the study of various methods for assessing the security of information systems, as well as on the analysis of scientific literature and publications on this topic.</p></sec><sec><title>Result</title><p>Result. The authors propose an approach to the further development of methods for assessing the security of information systems, taking into account the specifics of the internal affairs bodies of the Russian Federation.</p></sec><sec><title>Conclusion</title><p>Conclusion. The authors note the prospects of research in the framework of creating specialized software that combines expert knowledge and quantitative algorithms, which could simplify the assessment of the security of information systems of law enforcement agencies, ensuring accuracy, accessibility and adaptability to the specifics of law enforcement activities. Such software would be a valuable tool for improving the data security of law enforcement agencies, minimizing risks and optimizing resources, opening up new opportunities to protect critical information systems.</p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>информационная система</kwd><kwd>методы оценки</kwd><kwd>органы внутренних дел</kwd><kwd>программное обеспечение</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information system</kwd><kwd>assessment methods</kwd><kwd>internal affairs agencies</kwd><kwd>software</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Маковский К.Е. Сопоставление методов оценки защищенности корпоративных информационных систем // Современная наука: актуальные проблемы теории и практики. Серия: Естественные и технические науки. – 2021. – № 4. – С. 124–127. – DOI: 10.37882/2223-2966.2021.04.27. – EDN: XUKXKX.</mixed-citation><mixed-citation xml:lang="en">Makovsky K.E. Comparison of Methods for Assessing the Security of Corporate Information Systems. Modern Science: Current Problems of Theory and Practice. Series: Natural and Technical Sciences. 2021; 4:124-127. DOI: 10.37882/2223-2966.2021.04.27. EDN: XUKXKX. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Титов Д.В., Филипова Е.Е. Использование метода экспертных оценок при определении уровня защищенности информационной системы // Вопросы защиты информации. – 2022. – № 2(137). – С. 51–53. – DOI: 10.52190/20732600_2022_2_51. – EDN: KYSIHX.</mixed-citation><mixed-citation xml:lang="en">Titov D.V., Filipova E.E. Using the Expert Assessment Method in Determining the Level of Security of an Information System. Information Security Issues. 2022;2(137):51-53. DOI: 10.52190/2073-2600_2022_2_51. EDN: KYSIHX. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Борзенкова С.Ю., Казарина Е.Е. Анализ методов оценки уровня защищенности информационных систем в процессе их эксплуатации // Известия Тульского государственного университета. Технические науки. – 2020. – № 5. – С. 93–97. – EDN: OBDQBR.</mixed-citation><mixed-citation xml:lang="en">Borzenkova S.Yu., Kazarina E.E. Analysis of methods for assessing the level of security of information systems during their operation. Bulletin of Tula State University. Technical sciences. 2020; 5:93-97. EDN: OBDQBR. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Полянский Д.А. Комплексная защита объектов информатизации. Книга 10. Оценка защищённости: учебное пособие. – Владимир: Изд-во Владим. гос. ун-та, 2005. – 80 с.</mixed-citation><mixed-citation xml:lang="en">Polyansky D.A. Comprehensive protection of information technology objects. Book 10. Security assessment: a tutorial. Vladimir: Publishing house of Vladimir. state University, 2005; 80 p. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">ГОСТ Р ИСО/МЭК 15408-1–2012. Информационная технология. Методы и средства обеспечения безопасности. Критерии оценки безопасности информационных технологий. Ч. 1. Введение и общая модель [Электронный ресурс]. – Режим доступа: https://docs.cntd.ru/document/1200101777 (дата обращения: 13.04.2025).</mixed-citation><mixed-citation xml:lang="en">GOST R ISO/IEC 15408-1–2012. Information technology. Methods and means of security. Criteria for assessing the security of information technology. Part 1. Introduction and general model [Electronic resource]. – Available at: https://docs.cntd.ru/document/1200101777 (Accessed: 13.04.2025). (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">ГОСТ Р ИСО/МЭК 15408-2–2013. Информационная технология. Методы и средства обеспечения безопасности. Критерии оценки безопасности информационных технологий. Ч. 2. Функциональные компоненты безопасности [Электронный ресурс]. – Режим доступа: https://docs.cntd.ru/document/1200105710 (дата обращения: 13.04.2025).</mixed-citation><mixed-citation xml:lang="en">GOST R ISO/IEC 15408-2–2013. Information technology. Security methods and tools. Information technology security evaluation criteria. Part 2. Security functional components [Electronic resource]. – Available at: https://docs.cntd.ru/document/1200105710 (Accessed: 13.04.2025). (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">ГОСТ Р ИСО/МЭК 15408-3–2013. Информационная технология. Методы и средства обеспечения безопасности. Критерии оценки безопасности информационных технологий. Ч. 3. Требования доверия к безопасности [Электронный ресурс]. – Режим доступа: https://docs.cntd.ru/document/1200105711 (дата обращения: 13.04.2025).</mixed-citation><mixed-citation xml:lang="en">GOST R ISO/IEC 15408-3–2013. Information technology. Security methods and tools. Information technology security evaluation criteria. Part 3. Security assurance requirements [Electronic resource]. – Access mode: https://docs.cntd.ru/document/1200105711 (date accessed: 13.04.2025). (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Родин, С.В. Математическое моделирование политики безопасности автоматизированной информационной системы вневедомственной охраны / С.В. Родин // Вестник Воронежского института МВД России. – 2009. – № 1. – С. 174-181. – EDN JXUTPX.</mixed-citation><mixed-citation xml:lang="en">Rodin, S.V. Mathematical modeling of the security policy of an automated information system of non-departmental security. Bulletin of the Voronezh Institute of the Ministry of Internal Affairs of Russia. 2009;. 1:174-181. EDN JXUTPX. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Сумин, В.И. Разработка сетевой модели целевых установок сложных организационных систем специального назначения / В. И. Сумин, А. С. Кравченко, С. В. Родин // Моделирование систем и процессов. – 2024. – Т. 17, № 3. – С. 79-87. – DOI: 10.12737/2219-0767-2024-77-85. – EDN QIRWOK.</mixed-citation><mixed-citation xml:lang="en">Sumin, V.I. Development of a network model of target settings of complex organizational systems for special purposes. V.I. Sumin, A.S. Kravchenko, S.V. Rodin. Modeling of systems and processes. 2024;17(3): 79-87. – DOI: 10.12737/22190767-2024-77-85. – EDN QIRWOK. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Родин, С.В. Анализ влияния уровневого распределения информации на характеристики контроля целостности в автоматизированных информационных системах информационных центров МВД / С.В. Родин, М.А. Жукова // Вестник Воронежского института МВД России. – 2011. – № 2. – С. 80-85. – EDN NUZWEF.</mixed-citation><mixed-citation xml:lang="en">Rodin, S.V. Analysis of the influence of tiered distribution of information on the integrity control characteristics in automated information systems of information centers of the Ministry of Internal Affairs / S. V. Rodin, M. A. Zhukova. Bulletin of the Voronezh Institute of the Ministry of Internal Affairs of Russia. 2011; 2: 80-85. – EDN NUZWEF. (In Russ)</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Common Vulnerability Scoring System v4.0: Specification Document [Электронный ресурс]. – Режим доступа: https://www.first.org/cvss/specification-document (дата обращения: 13.04.2025).</mixed-citation><mixed-citation xml:lang="en">Common Vulnerability Scoring System v3.1: Specification Document [Electronic resource]. – Access mode: https://www.first.org/cvss/specification-document (accessed: 13.04.2025).</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Scarfone K., Mell P. An analysis of CVSS version 2 vulnerability scoring // 2009 3rd International Symposium on Empirical Software Engineering and Measurement. – IEEE, 2009. – P. 516–525.</mixed-citation><mixed-citation xml:lang="en">Scarfone K., Mell P. An analysis of CVSS version 2 vulnerability scoring // 2009 3rd International Symposium on Empirical Software Engineering and Measurement. – IEEE, 2009:516–525.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Spring J. et al. Time to Change the CVSS? // IEEE Security &amp; Privacy. – 2021. – Vol. 19, № 2. – P. 74–78.</mixed-citation><mixed-citation xml:lang="en">Spring J. et al. Time to Change the CVSS?. IEEE Security &amp; Privacy. 2021;19(2):74–78.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Houmb S.H., Franqueira V.N.L., Engum E.A. Quantifying security risk level from CVSS estimates of frequency and impact // Journal of Systems and Software. – 2010. – Vol. 83, № 9. – P. 1622–1634.</mixed-citation><mixed-citation xml:lang="en">Houmb S.H., Franqueira V.N.L., Engum E.A. Quantifying security risk level from CVSS estimates of frequency and impact. Journal of Systems and Software. 2010; 83( 9):1622–1634.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Spring J. et al. Towards improving CVSS // SEI, CMU, Tech. Rep. – 2018.</mixed-citation><mixed-citation xml:lang="en">Spring J. et al. Towards improving CVSS. SEI, CMU, Tech. Rep. 2018.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Figueroa-Lorenzo S., Añorga J., Arrizabalaga S. A survey of IIoT protocols: A measure of vulnerability risk analysis based on CVSS // ACM Computing Surveys (CSUR). – 2020. – Vol. 53, № 2. – P. 1–53.</mixed-citation><mixed-citation xml:lang="en">Figueroa-Lorenzo S., Añorga J., Arrizabalaga S. A survey of IIoT protocols: A measure of vulnerability risk analysis based on CVSS. ACM Computing Surveys (CSUR). 2020;53(2):1–53.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Fruhwirth C., Mannisto T. Improving CVSS-based vulnerability prioritization and response with context information // 2009 3rd International Symposium on Empirical Software Engineering and Measurement. – IEEE, 2009. – P. 535–544.</mixed-citation><mixed-citation xml:lang="en">Fruhwirth C., Mannisto T. Improving CVSS-based vulnerability prioritization and response with context information. 2009 3rd International Symposium on Empirical Software Engineering and Measurement. – IEEE, 2009;535–544.</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Khazaei A., Ghasemzadeh M., Derhami V. An automatic method for CVSS score prediction using vulnerabilities description // Journal of Intelligent &amp; Fuzzy Systems. – 2015. – Vol. 30, № 1. – P. 89–96.</mixed-citation><mixed-citation xml:lang="en">Khazaei A., Ghasemzadeh M., Derhami V. An automatic method for CVSS score prediction using vulnerabilities description. Journal of Intelligent &amp; Fuzzy Systems. 2015; 30(1):89–96.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Costa J. C. et al. Predicting CVSS metric via description interpretation // IEEE Access. – 2022. – Vol. 10. – P. 59125–59134.</mixed-citation><mixed-citation xml:lang="en">Costa J. C. et al. Predicting CVSS metric via description interpretation. IEEE Access. 2022;10:59125–59134.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Franklin J. et al. CVSS implementation guidance // National Institute of Standards and Technology, NISTIR-7946. – 2014.</mixed-citation><mixed-citation xml:lang="en">Franklin J. et al. CVSS implementation guidance. National Institute of Standards and Technology, NISTIR-7946; 2014.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Wang R. et al. An improved CVSS-based vulnerability scoring mechanism // 2011 Third International Conference on Multimedia Information Networking and Security. – IEEE, 2011. – P. 352–355.</mixed-citation><mixed-citation xml:lang="en">Wang R. et al. An improved CVSS-based vulnerability scoring mechanism. 2011 Third International Conference on Multimedia Information Networking and Security. IEEE, 2011: 352–355.</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Gallon L., Bascou J.J. Using CVSS in attack graphs // 2011 Sixth International Conference on Availability, Reliability and Security. – IEEE, 2011. – P. 59–66.</mixed-citation><mixed-citation xml:lang="en">Gallon L., Bascou J.J. Using CVSS in attack graphs. 2011 Sixth International Conference on Availability, Reliability and Security. IEEE, 2011:59–66.</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">Aksu M.U. et al. A quantitative CVSS-based cyber security risk assessment methodology for IT systems // 2017 International Carnahan Conference on Security Technology (ICCST). – IEEE, 2017. – P. 1–8.</mixed-citation><mixed-citation xml:lang="en">Aksu M.U. et al. A quantitative CVSS-based cyber security risk assessment methodology for IT systems. 2017 International Carnahan Conference on Security Technology (ICCST). IEEE, 2017;1–8.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
