<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">vdgtu</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Дагестанского государственного технического университета. Технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of Dagestan State Technical University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2073-6185</issn><issn pub-type="epub">2542-095X</issn><publisher><publisher-name>Daghestan State Technical University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21822/2073-6185-2025-52-4-49-62</article-id><article-id custom-type="elpub" pub-id-type="custom">vdgtu-1905</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS</subject></subj-group></article-categories><title-group><article-title>Оптимизация структуры ИСПДн объектов КИИ на основе теории рисков</article-title><trans-title-group xml:lang="en"><trans-title>Optimization of the structure of the information system of personal data of critical information infrastructure objects based on risk theory</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-4808-9422</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Бирих</surname><given-names>Э. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Birikh</surname><given-names>E. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Бирих Эрнест Владимирович - старший преподаватель, кафедра защищенных систем связи.</p><p>193232, Санкт-Петербург, пр. Большевиков, 22, к. 1</p></bio><bio xml:lang="en"><p>Ernest V. Birikh - Senior Lecturer, Department of Secure Communication Systems.</p><p>22 Bolshevikov Ave., build. 1, St Petersburg 193232</p></bio><email xlink:type="simple">be1982@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0003-0256-2330</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Фадеев</surname><given-names>И. И.</given-names></name><name name-style="western" xml:lang="en"><surname>Fadeev</surname><given-names>I. I.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Фадеев Илья Игоревич - ассистент, кафедра защищенных систем связи.</p><p>193232, Санкт-Петербург, пр. Большевиков, 22, к. 1</p></bio><bio xml:lang="en"><p>Ilya I. Fadeev - Assistant, Department of Secure Communication Systems.</p><p>22 Bolshevikov Ave., build. 1, St Petersburg 193232</p></bio><email xlink:type="simple">fadeev.collapse@yandex.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0005-7805-4249</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Николаев</surname><given-names>Е. Н.</given-names></name><name name-style="western" xml:lang="en"><surname>Nikolaev</surname><given-names>E. N.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Николаев Ефим Николаевич - студент, кафедра информационной безопасности компьютерных сетей.</p><p>193232, Санкт-Петербург, пр. Большевиков, 22, к. 1</p></bio><bio xml:lang="en"><p>Efim  N.      Nikolaev - Student,         Department  of          Information Security       of       Computer    Networks.</p><p>22 Bolshevikov Ave., build. 1, St Petersburg 193232</p></bio><email xlink:type="simple">nickolaev.efim@yandex.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-6130-5321</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Сахаров</surname><given-names>Д. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Sakharov</surname><given-names>D. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Сахаров Дмитрий Владимирович - кандидат технических наук, доцент, доцент, кафедра защищенных систем связи.</p><p>193232, Санкт-Петербург, пр. Большевиков, 22, к. 1</p></bio><bio xml:lang="en"><p>Dmitrii V. Sakharov - Cand. Sci. (Eng.), Assoc. Prof., Assoc. Prof. of the Department of Secure Communication Systems.</p><p>22 Bolshevikov Ave., build. 1, St Petersburg 193232</p></bio><email xlink:type="simple">sguard7@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0000-0693-0960</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Лужнико</surname><given-names>П. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Luzhnikov</surname><given-names>P. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Лужников Павел Алексеевич - кандидат технических наук, старший научный сотрудник, доцент, кафедра защищенных систем связи.</p><p>193232, Санкт-Петербург, пр. Большевиков, 22, к. 1</p></bio><bio xml:lang="en"><p>Pavel A. Luzhnikov - Cand. Sci. (Eng.), Assoc. Prof., Assoc. Prof. of the Department of Secure Communication Systems.</p><p>22 Bolshevikov Ave., build. 1, St Petersburg 193232</p></bio><email xlink:type="simple">Pavel_oreshek1@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Санкт-Петербургский государственный университет телекоммуникаций имени профессора М.А. Бонч-Бруевича</institution><country>Россия</country></aff><aff xml:lang="en"><institution>M.A. Bonch-Bruevich Saint Petersburg State University of Telecommunications</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>04</day><month>02</month><year>2026</year></pub-date><volume>52</volume><issue>4</issue><fpage>49</fpage><lpage>62</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Бирих Э.В., Фадеев И.И., Николаев Е.Н., Сахаров Д.В., Лужнико П.А., 2026</copyright-statement><copyright-year>2026</copyright-year><copyright-holder xml:lang="ru">Бирих Э.В., Фадеев И.И., Николаев Е.Н., Сахаров Д.В., Лужнико П.А.</copyright-holder><copyright-holder xml:lang="en">Birikh E.V., Fadeev I.I., Nikolaev E.N., Sakharov D.V., Luzhnikov P.A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.dgtu.ru/jour/article/view/1905">https://vestnik.dgtu.ru/jour/article/view/1905</self-uri><abstract><sec><title>Цель</title><p>Цель. Целью исследования является снижение актуальных рисков ИБ важных активов на основе анализа и систематизации значимых недостатков, выявленных в результате аудита ИБ ИСПДн в двадцати организациях КИИ.</p></sec><sec><title>Метод</title><p>Метод. Обобщение и анализ результатов контрольно-надзорной деятельности ИСПДн объектов КИИ, выявление наиболее опасных угроз на основе теории рисков.</p></sec><sec><title>Результат</title><p>Результат. Выявлены опасные угрозы ИБ объектов КИИ, предложены решения по усилению защищенности ИСПДн путем изменения топологии, повышения защищенности сервера с ПДн за счет сегментации сети, многоуровневой фильтрации трафика и комплексного мониторинга. Проведен расчет эффективности предложенных мер.</p></sec><sec><title>Вывод</title><p>Вывод. Выявлены опасные типовые угрозы ИБ объектов КИИ, предложены решения по усилению защищенности в информационных системах персональных данных.</p></sec></abstract><trans-abstract xml:lang="en"><sec><title>Objective</title><p>Objective. The purpose of the study is to reduce the actual risks of information security of important assets based on the analysis and systematization of significant deficiencies identified as a result of the ISPDn information security audit in twenty CII organizations.</p></sec><sec><title>Method</title><p>Method. Generalization and analysis of the results of the control and supervisory activities of ISPs of CII facilities, identification of the most dangerous threats based on risk theory.</p></sec><sec><title>Result</title><p>Result. Dangerous threats to the information security of CII facilities have been identified, and solutions have been proposed to enhance the security of ISPs by changing the topology, increasing the security of the server with PD through network segmentation, multi-level traffic filtering and integrated monitoring. The effectiveness of the proposed measures has been calculated.</p></sec><sec><title>Conclusion</title><p>Conclusion. Dangerous typical threats to the information security of CII facilities have been identified, and solutions have been proposed to enhance security in personal data information systems.</p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>информационная система персональных данных</kwd><kwd>объекты критической информационной инфраструктуры</kwd><kwd>защита информации</kwd><kwd>модель угроз</kwd><kwd>модель нарушителя</kwd><kwd>информационная безопасность</kwd><kwd>теория рисков</kwd><kwd>сетевая инфраструктура</kwd></kwd-group><kwd-group xml:lang="en"><kwd>рersonal data information system</kwd><kwd>critical objects</kwd><kwd>information protection</kwd><kwd>threat model</kwd><kwd>intruder model</kwd><kwd>information security</kwd><kwd>risk theory</kwd><kwd>network infrastructure</kwd></kwd-group><funding-group><funding-statement xml:lang="ru">Исследование выполнено при финансовой поддержке Минцифры России («Грант ИБ МТУСИ № 40469 №22/21-к и №10/22-к»)</funding-statement><funding-statement xml:lang="en">The study was carried out with the financial support of the Ministry of Digital Development of the Russian Federation (Grant IB MTUCI No. 40469 No. 22/21-k and No. 10/22-k)</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Миняев А.А., Красов А.В., Сахаров Д.В. Метод оценки эффективности системы защиты информации территориально-распределенных информационных систем персональных данных. Вестник Санкт-Петербургского государственного университета технологии и дизайна. Серия 1: Естественные и технические науки. 2020. № 1. С. 29-33 (15.08.2024).</mixed-citation><mixed-citation xml:lang="en">Minyaev A.A., Krasov A.V., Sakharov D.V. A method for evaluating the effectiveness of the information protection system of geographically distributed personal data information systems. Bulletin of the St. Petersburg State University of Technology and Design. Series 1: Natural and Technical Sciences. 2020; 1: 29-33. (08/15/2024) (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Красов А.В., Лансере Н.Н., Фадеев И.И., Гельфанд А.М., Лесневский М.В. Типовые офтальмологические информационные системы, являющиеся объектами критической информационной инфраструктуры. Офтальмохирургия. 2022. № S4. С. 85-91 (15.08.2024).</mixed-citation><mixed-citation xml:lang="en">Krasov A.V., Lancere N.N., Fadeev I.I., Gelfand A.M., Lesnevsky M.V. Typical ophthalmological information systems that are objects of critical information infrastructure. Ophthalmosurgery. 2022; S4: 85-91. (08/15/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Миняев А.А. Моделирование угроз безопасности информации в территориально-распределенных информационных системах. Наукоемкие технологии в космических исследованиях Земли. 2021. Т. 13. № 2. С. 52-65.</mixed-citation><mixed-citation xml:lang="en">Minyaev A.A. Modeling of information security threats in geographically distributed information systems. High-tech technologies in space exploration of the Earth. 2021; 13(2):52-65. (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Lipatnikov V., Tikhonov V., Shevchenko A., Saharov D., Polyanicheva A. Security management in large-scale heterogeneous network systems based on intelligent information security services. В сборнике: ACM International Conference Proceeding Series. 5, The Premier Conference on Smart Next Generation Networking Technologies. Сер. "ICFNDS 2021 5th International Conference on Future Networks and Distributed Systems: The Premier Conference on Smart Next Generation Networking Technologies" 2021. С. 562-567 (19.08.2024).</mixed-citation><mixed-citation xml:lang="en">Lipatnikov V., Tikhonov V., Shevchenko A., Saharov D., Polyanicheva A. Security management in large-scale heterogeneous network systems based on intelligent information security services. In the collection: ACM International Conference Proceeding Series. 5, The Premier Conference on Smart Next Generation Networking Technologies. Cer. "ICFNDS 2021 5th International Conference on Future Networks and Distributed Systems: The Premier Conference on Smart Next Generation Networking Technologies" 2021: 562-567. (08/19/2024).</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Korshunov G.A., Lipatnikov V.A., Shevchenko A.A. Decision support systems for information protection in the management of the information network. В сборнике: Fuzzy Technologies in the Industry FTI 2018. Proceedings of the II International Scientific and Practical Conference. Сер. "CEUR Workshop Proceedings" 2018. С. 418-426.</mixed-citation><mixed-citation xml:lang="en">Korshunov G.A., Lipatnikov V.A., Shevchenko A.A. Decision support systems for information protection in the management of the information network. In the collection: Fuzzy Technologies in the Industry FTI 2018. Proceedings of the II International Scientific and Practical Conference. Ser. "CEUR Workshop Proceedings" 2018: 418-426.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Ковцур М.М., Сахаров Д.В., Бирих Э.В., Дрепа В.Е. Метод обнаружения wlan точек доступа нарушителя в распределенной ИСПДн // Электросвязь. 2024. № 12-2. С. 60-69 (22.08.2024).</mixed-citation><mixed-citation xml:lang="en">Kovtsur M.M., Sakharov D.V., Birikh E.V., Drepa V.E. Method of detecting wlan access points of an intruder in a distributed ISPDn. Telecommunication. 2024;12-2: 60-69 (08/22/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Сахаров Д.В., Штеренберг С.И., Левин М.В., Колесникова Ю.А. Разработка модели обеспечения отказоустойчивости сети передачи данных. Известия высших учебных заведений. Технология легкой промышленности. 2016. Т. 34. № 4. С. 14-20 (25.08.2024).</mixed-citation><mixed-citation xml:lang="en">Sakharov D.V., Shterenberg S.I., Levin M.V., Kolesnikova Yu.A. Development of a data transmission network fault tolerance model. News of higher educational institutions. Technology of light industry. 2016; 34(4):14-20. (08/25/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Синельщиков В. С., Цветков А. Ю. Защита персональных данных на предприятии //Актуальные проблемы инфотелекоммуникаций в науке и образовании (АПИНО 2021). – 2021. – С. 653-657 (26.08.2024).</mixed-citation><mixed-citation xml:lang="en">Sinelshchikov V. S., Tsvetkov A. Yu. Protection of personal data at the enterprise. Actual problems of infotelec communications in science and education (APINO 2021). 2021:653-657 (08/26/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Бирих Э.В. Разработка программного модуля для автоматизации определения уровня защищенности в ИСПДн / Булова М.Д., Казанцев А.А., Миняев А.А. //В сборнике: Актуальные проблемы инфотелекоммуникаций в науке и образовании (АПИНО 2024). Материалы XIII Международной научно-технической и научно-методической конференции. Санкт-Петербург, 2024. С. 122-127 (27.08.2024).</mixed-citation><mixed-citation xml:lang="en">Birikh E.V. Development of a software module for automating the determination of the security level in ISPs / Bulova M.D., Kazantsev A.A., Minyaev A.A. // In the collection: Actual problems of infotelec communications in science and education (APINO 2024). Proceedings of the XIII International Scientific, Technical, Scientific and Methodological Conference. Saint Petersburg, 2024:122-127 (08/27/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Лаврова Д.С., Попова Е.А., Штыркина А.А., Штеренберг С.И. Предупреждение Dos-атак путем прогнозирования значений корреляционных параметров сетевого трафика. Проблемы информационной безопасности. Компьютерные системы. – 2018. – №. 3. – С. 70-77.</mixed-citation><mixed-citation xml:lang="en">Lavrova D.S., Popova E.A., Shtyrkina A.A., Shterenberg S.I. Prevention of Dos attacks by predicting the values of correlation parameters of network traffic. Information security issues. Computer systems. 2018;3:70-77. (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Kovtsur M., Minyaev A., Khramtsov D., Abramenko G. Investigation of attacks and methods of protection of wireless networks during authorization using the ieee 802.1x protocol. В сборнике: ACM International Conference Proceeding Series. 5, The Premier Conference on Smart Next Generation Networking Technologies. Сер. "ICFNDS 2021 5th International Conference on Future Networks and Distributed Systems: The Premier Conference on Smart Next Generation Networking Technologies" 2021. С. 555-561 (4.09.2024).</mixed-citation><mixed-citation xml:lang="en">Kovtsur M., Minyaev A., Khramtsov D., Abramenko G. Investigation of attacks and methods of protection of wireless networks during authorization using the ieee 802.1x protocol.In the collection: ACM International Conference Proceeding Series. 5, The Premier Conference on Smart Next Generation Networking Technologies. Cer. "ICFNDS 2021 5th International Conference on Future Networks and Distributed Systems: The Premier Conference on Smart Next Generation Networking Technologies" 2021:555-561. (094/2024).</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Minyaev A.A., Krasov A.V., Saharov D.V. The method and methodology of efficiency assessment of protection system of distributed information systems. В сборнике: 12th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops, ICUMT 2020. Brno, 2020. С. 291-295 (6.09.2024).</mixed-citation><mixed-citation xml:lang="en">Minyaev A.A., Krasov A.V., Saharov D.V. The method and methodology of efficiency assessment of protection system of distributed information systems. In the collection: 12th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops, ICUMT 2020. Brno, 2020: 291-295. (09/6/2024).</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Сахаров Д.В., Ковцур М.М., Бахтин Д.В. Модель защиты от эксплойтов и руткитов с последующим анализом и оценкой инцидентов. Наукоемкие технологии в космических исследованиях Земли. 2019. Т. 11. № 5. С. 22-31.</mixed-citation><mixed-citation xml:lang="en">Sakharov D.V., Kovtsur M.M., Bakhtin D.V. A model of protection against exploits and rootkits with subsequent analysis and assessment of incidents. High-tech technologies in space exploration of the Earth. 2019;11(5):22-31. (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Федеральный закон «О внесении изменений в Уголовный кодекс Российской Федерации» от 30.11.2024 № 421-ФЗ.</mixed-citation><mixed-citation xml:lang="en">Federal Law "On Amendments to the Criminal Code of the Russian Federation" dated 11/30/2024 No. 421-FZ.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Приказ ФСТЭК России "Об утверждении состава и содержания организационных и технических мер по обеспечению безопасности персональных данных при их обработке в информационных системах персональных данных" от 18.02.2013 № 21. URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-18-fevralya2013-g-n-21. 2013 г. с изм. и допол. в ред. от 25.11.2022. (20.09.2024).</mixed-citation><mixed-citation xml:lang="en">Order of the FSTEC of Russia "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during their Processing in Personal Data Information Systems" dated 02/18/2013 No. 21. URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-18-fevralya-2013-g-n-21 . 2013 with amendments and additions. ed. dated 11/25/2022. (09/20/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Приказ ФСТЭК России "Об утверждении требований к обеспечению защиты информации в автоматизированных системах управления производственными и технологическими процессами на критически важных объектах, потенциально опасных объектах, а также объектах, представляющих повышенную опасность для жизни и здоровья людей и для окружающей природной среды" от 14.03.2014 № 31. URL: https://fstec.ru/dokumenty/vsedokumenty/prikazy/prikaz-fstek-rossii-ot-14-marta-2014-g-n-31. 2014 г. с изм. и допол. в ред. от 16.01.2023. (20.09.2024).</mixed-citation><mixed-citation xml:lang="en">Order of the FSTEC of Russia "On Approval of Requirements for Information Security in Automated Control Systems for Production and Technological Processes at Critical Facilities, Potentially Dangerous Facilities, as well as Facilities that pose an Increased Danger to Human Life and Health and to the Environment" dated 03/14/2014 No. 31. URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-14-marta-2014-g-n-31 2014 with amendments and additions. ed. from 01/16/2023. (09/20/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Risk management guide for information technology systems. Recommendations of the National Institute of Standards and Technology: NIST 800-30. – Введ. 06.01.2002. – США. – 2002. – 56 с. (22.09.2024).</mixed-citation><mixed-citation xml:lang="en">Risk management guide for information technology systems. Recommendations of the National Institute of Standards and Technology: NIST 800-30. – Introduction. 06.01.2002. – USA. – 2002: 56 (09/22/2024).</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Информационные технологии. Методы и средства обеспечения безопасности. Ч. 3. Методы менеджмента безопасности информационных технологий: ГОСТ Р ИСО/МЭК ТО 13335-3-2007. – Введ. 01.09.2007. – М.: Стандартинформ, 2007. – 76 с (23.09.2024).</mixed-citation><mixed-citation xml:lang="en">Information technology. Methods and means of ensuring security. Part 3. Methods of information technology security management: GOST R ISO/IEC TO 13335-3-2007. – Introduction. 09/01/2007. Moscow: Standartinform, 2007:76 (09/23/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Андрианов В.И., Красов А.В., Липатников В.А. Инновационное управление рисками информационной безопасности. Учебное пособие / Санкт-Петербург, 2012 (24.09.2024).</mixed-citation><mixed-citation xml:lang="en">Andrianov V.I., Krasov A.V., Lipatnikov V.A. Innovative information security risk management. Textbook / Saint Petersburg, 2012 (09/24/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Аналитический отчёт: Ландшафт киберугроз для России и СНГ 2024 // Лаборатория Касперского. URL: https://go.kaspersky.com/rs/802-IJN-240/images/Report_Threat_Landscape_RU.pdf (24.01.2025).</mixed-citation><mixed-citation xml:lang="en">Analytical report: The Cyber Threat Landscape for Russia and the CIS 2024 // Kaspersky Lab. URL: https://go.kaspersky.com/rs/802-IJN-240/images/Report_Threat_Landscape_RU.pdf (24.01.2025). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Every third cyber incident was due to ransomware, Kaspersky reports // Лаборатория Касперского URL: https://securelist.com/state-of-ransomware-2023/112590/ (дата обращения: 24.10.2024).</mixed-citation><mixed-citation xml:lang="en">Every third cyber incident was due to ransomware, Kaspersky reports // Kaspersky Lab URL: https://securelist.com/stateof-ransomware-2023/112590 / (accessed: 10/24/2024).</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Отчеты от центров экспертизы «Лаборатории Касперского»: комплексный анализ актуальных угроз, технологий и трендов всё для усиления вашей кибербезопасности. // Лаборатория Касперского URL: https://www.kaspersky.ru/enterprise-security/resources/white-papers (25.01.2025).</mixed-citation><mixed-citation xml:lang="en">Reports from Kaspersky Lab's Expertise Centers: Comprehensive analysis of current threats, technologies, and trends everything to enhance your cybersecurity. // Kaspersky Lab URL: https://www.kaspersky.ru/enterprise-security/resources/white-papers (01/25/2025).</mixed-citation></citation-alternatives></ref><ref id="cit23"><label>23</label><citation-alternatives><mixed-citation xml:lang="ru">Бирих Э.В. К вопросу об аудите персональных данных / Ферапонтова С.С. // В сборнике: Актуальные проблемы инфотелекоммуникаций в науке и образовании (АПИНО 2018). VII Международная научно-техническая и научно-методическая конференция. Сборник научных статей. В 4-х томах. Под редакцией С.В. Бачевского. 2018. С. 111-114. (27.01.2025).</mixed-citation><mixed-citation xml:lang="en">Birikh E.V. On the issue of personal data audit / Ferapontova S.S. In the collection: Actual problems of infotelec communications in science and education (APINO 2018). VII International Scientific, Technical, Scientific and Methodological Conference. Collection of scientific articles. In 4 volumes. Edited by S.V. Bachevsky. 2018:111-114 (01/27/2025). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit24"><label>24</label><citation-alternatives><mixed-citation xml:lang="ru">Korshunov G.I., Lipatnikov V.A., Omarov R.G., Varzhapetian A.G. Prevention of attacks with distributed denial of service for information networks of cyberphysical systems. В сборнике: JOP Conference Series: Metrological Support of Innovative Technologies. Krasnoyarsk Science and Technology City Hall of the Russian Union of Scientific and Engineering Associations. Krasnoyarsk, Russia, 2020. С. 32060. (27.01.2025).</mixed-citation><mixed-citation xml:lang="en">Korshunov G.I., Lipatnikov V.A., Omarov R.G., Varzhapetian A.G. Prevention of attacks with distributed denial of service for information networks of cyberphysical systems. In the collection: JOP Conference Series: Metrological Support of Innovative Technologies. Krasnoyarsk Science and Technology City Hall of the Russian Union of Scientific and Engineering Associations. Krasnodar, Russia, 2020. pp. 32060. (01/27/2025).</mixed-citation></citation-alternatives></ref><ref id="cit25"><label>25</label><citation-alternatives><mixed-citation xml:lang="ru">Как устаревшие технологии ставят под угрозу безопасность и эффективность бизнеса // vc.ru — бизнес, технологии, идеи, модели роста, стартапы URL: https://vc.ru/u/2040785-gruppa-kompanii-x-com/1417550-kakustarevshie-tehnologii-stavyat-pod-ugrozu-bezopasnost-i-effektivnost-biznesa (25.10.2024).</mixed-citation><mixed-citation xml:lang="en">How outdated technologies jeopardize business security and efficiency // vc.ru — business, technology, ideas, growth models, startups URL: https://vc.ru/u/2040785-gruppa-kompanii-x-com/1417550-kak-ustarevshie-tehnologii-stavyatpod-ugrozu-bezopasnost-i-effektivnost-biznesa (10/25/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit26"><label>26</label><citation-alternatives><mixed-citation xml:lang="ru">Бирих Э.В., Ферапонтова С.С. К вопросу об аудите персональных данных // В сборнике: Актуальные проблемы инфотелекоммуникаций в науке и образовании (АПИНО 2018). VII Международная научно-техническая и научно-методическая конференция. Сборник научных статей. В 4-х томах. Под редакцией С.В. Бачевского. 2018. С. 111-114.</mixed-citation><mixed-citation xml:lang="en">Birikh E.V., Ferapontova S.S. On the issue of personal data audit. In the collection: Actual problems of infotelec communications in science and education (APINO 2018). VII International Scientific, Technical, Scientific and Methodological Conference. Collection of scientific articles. In 4 volumes. Edited by S.V. Bachevsky. 2018:111-114. (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit27"><label>27</label><citation-alternatives><mixed-citation xml:lang="ru">Yurkin D.V., Livshitz I.I., Minyaev A.A. Formation of the instantaneous information security audit concept. Communications in Computer and Information Science. 2016. Т. 678. С. 314-324. Kashevnik A., Ponomarev A., Krasov A. Human-computer threats classification in intelligent transportation systems. Conference of Open Innovations Association, FRUCT. 2020. № 26. С. 151-157. (27.01.2025).</mixed-citation><mixed-citation xml:lang="en">Yurkin D.V., Livshitz I.I., Minyaev A.A. Formation of the instantaneous information security audit concept. Communications in Computer and Information Science. 2016. Vol. 678. pp. 314-324. Kashevnik A., Ponomarev A., Krasov A. Human-computer threats classification in intelligent transportation systems. Conference of Open Innovations Association, FRUCT. 2020; 26:151-157. (01/27/2025).</mixed-citation></citation-alternatives></ref><ref id="cit28"><label>28</label><citation-alternatives><mixed-citation xml:lang="ru">Doynikova E.V., Fedorchenko A.V., Novikova E.S., Ushakov I.A., Krasov A.V. Security decision support in the control systems based on graph models. В сборнике: Proceedings of 2021 IV International Conference on Control in Technical Systems (CTS). IEEE, 2021. С. 224-227. (28.01.2025).</mixed-citation><mixed-citation xml:lang="en">Doynikova E.V., Fedorchenko A.V., Novikova E.S., Ushakov I.A., Krasov A.V. Security decision support in the control systems based on graph models. In the collection: Proceedings of the 2021 IV International Conference on Control in Technical Systems (CTS). IEEE, 2021: 224-227. (01/28/2025).</mixed-citation></citation-alternatives></ref><ref id="cit29"><label>29</label><citation-alternatives><mixed-citation xml:lang="ru">Balueva A., Desnitsky V., Ushakov I. Approach to detection of denial-of-sleep attacks in wireless sensor networks on the base of machine learning. Studies in Computational Intelligence. 2020. Т. 868. С. 350-355. (2.02.2025).</mixed-citation><mixed-citation xml:lang="en">Balueva A., Desnitsky V., Ushakov I. Approach to detection of denial-of-sleep attacks in wireless sensor networks on the base of machine learning. Studies in Computational Intelligence. 2020; 868: 350-355. (2.02.2025).</mixed-citation></citation-alternatives></ref><ref id="cit30"><label>30</label><citation-alternatives><mixed-citation xml:lang="ru">Vitkova L., Saenko I., Tushkanova O. An approach to creating an intelligent system for detecting and countering inappropriate information on the internet. Studies in Computational Intelligence. 2020. Т. 868. С. 244-254. (4.02.2025).</mixed-citation><mixed-citation xml:lang="en">Vitkova L., Saenko I., Tushkanova O. An approach to creating an intelligent system for detecting and countering inappropriate information on the internet. Studies in Computational Intelligence. 2020; 868: 244-254. (02/14/2025).</mixed-citation></citation-alternatives></ref><ref id="cit31"><label>31</label><citation-alternatives><mixed-citation xml:lang="ru">Krasov A., Vitkova L., Pestov I. Behavioral analysis of resource allocation systems in cloud infrastructure. В сборнике: Proceedings 2019 International Russian Automation Conference, RusAutoCon 2019. 2019. С. 8867699.</mixed-citation><mixed-citation xml:lang="en">Krasov A., Vitkova L., Pestov I. Behavioral analysis of resource allocation systems in cloud infrastructure. In the collection: Proceedings 2019 International Russian Automation Conference, RusAutoCon 2019. 2019:.8867699.</mixed-citation></citation-alternatives></ref><ref id="cit32"><label>32</label><citation-alternatives><mixed-citation xml:lang="ru">Kotenko I., Vitkova L., Saenko I., Tushkanova O., Branitskiy A. The intelligent system for detection and counteraction of malicious and inappropriate information on the internet. AI Communications. 2020. -Т. -33. № 1. -С. 13-25.</mixed-citation><mixed-citation xml:lang="en">Kotenko I., Vitkova L., Saenko I., Tushkanova O., Branitskiy A. The intelligent system for detection and counteraction of malicious and inappropriate information on the internet. AI Communications. 2020; 33(1):13-25.</mixed-citation></citation-alternatives></ref><ref id="cit33"><label>33</label><citation-alternatives><mixed-citation xml:lang="ru">Zhernova K., Chechulin A. Overview of vulnerabilities of decision support interfaces based on virtual and augmented reality technologies. Lecture Notes in Networks and Systems. 2022. Т. 330 LNNS. С. 400-409. (7.02.2025).</mixed-citation><mixed-citation xml:lang="en">Zhernova K., Chechulin A. Overview of vulnerabilities of decision support interfaces based on virtual and augmented reality technologies. Lecture Notes in Networks and Systems. 2022; 330 LNNS:400-409 (02/7/2025).</mixed-citation></citation-alternatives></ref><ref id="cit34"><label>34</label><citation-alternatives><mixed-citation xml:lang="ru">Buinevich M., Izrailov K., Kotenko I., Ushakov I., Vlasov D. Approach to combining different methods for detecting insiders. В сборнике: ACM International Conference Proceeding Series. 4. Сер. "Proceedings of the 4th International Conference on Future Networks and Distributed Systems, ICFNDS 2020" 2020. С. 3442619. (7.02.2025).</mixed-citation><mixed-citation xml:lang="en">Buinevich M., Izrailov K., Kotenko I., Ushakov I., Vlasov D. Approach to combining different methods for detecting insiders. In the collection: ACM International Conference Proceeding Series. 4. Proceedings of the 4th International Conference on Future Networks and Distributed Systems, ICFNDS 2020, 2020: 3442619. (02/7/2025).</mixed-citation></citation-alternatives></ref><ref id="cit35"><label>35</label><citation-alternatives><mixed-citation xml:lang="ru">Бирих Э.В., Паскенова А.У. Комплексная защита объекта информатизации // В сборнике: Технологии информационного общества. Сборник трудов XIX Международной отраслевой научно-технической конференции. Москва, 2025. С. 136-138. (8.02.2025).</mixed-citation><mixed-citation xml:lang="en">Birich E.V., Paskenova A.U. Complex protection of the informatization object // In the collection: Information Society Technologies. Proceedings of the XIX International Industrial Scientific and Technical Conference. Moscow, 2025. pp. 136-138 (02/08/2025). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit36"><label>36</label><citation-alternatives><mixed-citation xml:lang="ru">IPS/IDS — системы обнаружения и предотвращения вторжений // Selectel — аренда IT-инфраструктуры для бизнеса URL: https://selectel.ru/blog/ips-and-ids/ (25.10.2024).</mixed-citation><mixed-citation xml:lang="en">IPS/IDS intrusion detection and prevention systems. Selectel rental of IT infrastructure for business URL: https://selectel.ru/blog/ips-and-ids / (10/25/2024). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit37"><label>37</label><citation-alternatives><mixed-citation xml:lang="ru">Сегментация сети в парадигме результативной кибербезопасности // Результативная кибербезопасность URL: https://rezbez.ru/article/segmentacziya-seti-v-paradigme-rezultativnoj-kiberbezopasnosti (дата обращения: 25.01.2024).</mixed-citation><mixed-citation xml:lang="en">Network segmentation in the effective cybersecurity paradigm. Effective cybersecurity URL: https://rezbez.ru/article/segmentacziya-seti-v-paradigme-rezultativnoj-kiberbezopasnosti (date of reference: 01/25/2024).</mixed-citation></citation-alternatives></ref><ref id="cit38"><label>38</label><citation-alternatives><mixed-citation xml:lang="ru">Липатников В.А., Сахаров Д.В., Кузнецов И.А. Управление безопасностью распределенной ивс на основе прогноза заражения компьютерным вирусом. Электросвязь. 2017. № 1. С. 53-59. (9.02.2025).</mixed-citation><mixed-citation xml:lang="en">Lipatnikov V.A., Sakharov D.V. Kuznetsov I.A. Security management of a distributed IVS based on the prediction of infection with a computer virus. Telecommunications. 2017;1:53-59. (02/9/2025). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit39"><label>39</label><citation-alternatives><mixed-citation xml:lang="ru">Медведева И.М., Бирих Э.В. Методы защиты от утечек конфиденциальной информации и персональных данных // Актуальные проблемы социально-гуманитарного и научно-технического знания. 2025. № 1(41). С. 5-8.</mixed-citation><mixed-citation xml:lang="en">Medvedeva I.M., Birikh E.V. Methods of protection against leaks of confidential information and personal data. Actual problems of socio-humanitarian and scientific-technical knowledge. 2025;1 (41): 5-8. (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit40"><label>40</label><citation-alternatives><mixed-citation xml:lang="ru">Бирих Э.В., Булова М.Д., Казанцев А.А., Миняев А.А. Разработка программного модуля для автоматизации определения уровня защищенности в ИСПДН // В сборнике: Актуальные проблемы инфотелекоммуникаций в науке и образовании (АПИНО 2024). Материалы XIII Международной научно-технической и научно-методической конференции. Санкт-Петербург, 2024. С. 122-127 (14.02.2025).</mixed-citation><mixed-citation xml:lang="en">Birikh E.V., Bulova M.D., Kazantsev A.A., Minyaev A.A. Development of a software module for automating the determination of the security level in ISPS // In the collection: Current problems of infotelec communications in science and education (APINO 2024). Proceedings of the XIII International Scientific, Technical, Scientific and Methodological Conference. Saint Petersburg, 2024. pp. 122-127 (02/14/2025). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit41"><label>41</label><citation-alternatives><mixed-citation xml:lang="ru">Махмутова Н.Ф., Бирих Э.В., Сахаров Д.В., Кривец А.С., Дегтярев М.А. Исследование способов повышения безопасности корпоративных сетей. Вестник Дагестанского государственного технического университета. Технические науки. 2024;51(3):110-116. https://doi.org/10.21822/2073-6185-2024-51-3-110-116 (17.02.2025).</mixed-citation><mixed-citation xml:lang="en">Makhmutova N.F., Birikh E.V., Sakharov D.V., Krivets A.S., Degtyarev M.A. Investigation of ways to improve the security of corporate networks. Herald of Daghestan State Technical University. Technical Sciences. 2024;51(3):110-116. https://doi.org/10.21822/2073-6185-2024-51-3-110-116 (02/17/2025). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit42"><label>42</label><citation-alternatives><mixed-citation xml:lang="ru">Ковцур М.М., Сахаров Д.В., Бирих Э.В., Дрепа В.Е. Метод обнаружения wlan точек доступа нарушителя в распределенной ИСПДН // Электросвязь. 2024. № 12-2. С. 60-69. (18.02.2025).</mixed-citation><mixed-citation xml:lang="en">Kovtsur M.M., Sakharov D.V., Birikh E.V., Drepa V.E. A method for detecting an intruder's wlan access points in a distributed ISPDN. Telecommunications. 2024;12-2: 60-69 (02/18/2025). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit43"><label>43</label><citation-alternatives><mixed-citation xml:lang="ru">Сахаров Д.В., Красов А.В., Ушаков И.А., Орлов Г.А. Защищенная модель программно-определяемой сети в среде виртуализации KVM. Электросвязь. 2020. № 3. С. 26-32. (23.02.2025).</mixed-citation><mixed-citation xml:lang="en">Sakharov D.V., Krasov A.V., Ushakov I.A., Orlov G.A. A secure model of a software-defined network in a KVM virtualization environment. Telecommunications. 2020; 3:26-32 (02/23/2025). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit44"><label>44</label><citation-alternatives><mixed-citation xml:lang="ru">Андрианов В.И., Бухарин В.В., Кирьянов А.В., Липатников В.А., Санин И.Ю., Сахаров Д.В., Стародубцев Ю.И. Способ защиты информационно-вычислительных сетей от компьютерных атак // Патент на изобретение RU 2472211 C1, 10.01.2013. Заявка № 2011147613/08 от 23.11.2011 (24.02.2025).</mixed-citation><mixed-citation xml:lang="en">Andrianov V.I., Bukharin V.V., Kiryanov A.V., Lipatnikov V.A., Sanin I.Yu., Sakharov D.V., Starodubtsev Yu.I. A method for protecting information and computing networks from computer attacks. Patent for invention RU 2472211 C1, 10.01.2013. Application No. 2011147613/08 dated 11/23/2011 (02/24/2025). (In Russ).</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
