Calculation of the security level coefficient of the automated system of the internal affairs bodies based on the information security of the information security system with updates of virus and threat signatures

Objective. This paper considers protection against threats that occur more often in the period from the start of the operating system boot. Consideration of various configurations will allow an overview of a fairly wide range of situations that arise. To solve the problem, it is necessary to determine the vulnerabilities, as well as to designate the coefficients that determine the state of the automated system.

Method. Computer facilities are a set of software and hardware components (including information security tools) of data processing systems that can function independently or as part of other systems. Methods for analyzing the process of the impact of computer threats at the stage of loading the operating system are applied.

Result. A technique is proposed for calculating the security factor of automated systems in a secure design, depending on the availability of the necessary security policies and the timely updating of virus and threat signature databases. The vulnerabilities in the process of starting the operating system are summarized, conclusions are drawn on the calculation of the security level coefficient of the automated ATS system based on the information security of the information security system with updates of virus and threat signatures.

Conclusion. The developed methodology makes it possible to assess the security of automated systems, taking into account the situation of information security in the field. 

1. On the approval of the Manual on the technical operation of communications and automation of the territorial bodies of the Ministry of Internal Affairs of the Russian Federation: order of the Ministry of Internal Affairs of Russia dated November 30, 2016;772. Information and legal portal of the ConsultantPlus system. – Access mode: http://base.consultant.ru (date of access: 15.02.2022). (In Russ)

2. On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems: order of the FSTEC of Russia dated February 18, 2013; 21. Information and legal portal of the ConsultantPlus system. – Access mode: http://base.consultant.ru (date of access: 02/27/2022). (In Russ)

3. On approval of the Requirements for the protection of information that is not a state secret contained in state information systems: order of the FSTEC of Russia dated February 11, 2013; 17. Information and legal portal of the ConsultantPlus system. – Access mode: http://base.consultant.ru (date of access: 02/15/2022). (In Russ)

4. Methodology for assessing threats to information security: Methodological document of the FSTEC of Russia dated 02/05/2021 // Information and legal portal of the ConsultantPlus system. – Access mode: http://base.consultant.ru (date of access: 10/27/2022).FSTEC of the Russian Federation. Guidance document. Protection against unauthorized access to information. Terms and definitions. (In Russ)

5. Data bank of information security threats: [Electronic resource]. FSTEC of Russia. URL: https://bdu.fstec.ru/. (Date of access: 27.10.2022). (In Russ)

6. FSTEC RF. Management document. Protection against unauthorized access to information. Terms and Definitions.

7. GOST R 50922-2006. Information protection. Basic terms and definition // Moscow: Federal Agency for Technical Regulation and Metrology. 2006.12 K. (In Russ)

8. GOST R 56546-2015. Information protection. Communications of information systems. Classification of information systems. 2016; 8. (In Russ)

9. FSTEC of the Russian Federation. Guidance document. Automated systems. Protection against unauthorized access to information. Classification of automated systems and information security requirements. (In Russ)

10. GOST R 15408-2013. Methods and means of ensuring security. Criteria for assessing the security of information technologies / / Moscow: Standartinform. 2014;152. (In Russ)

11. GOST R 53114-2008. Information protection. Ensuring information security in the organization. Basic terms and definitions. 2008; 22. (In Russ)

12. Guidance document. Information technology security. The concept of assessing the compliance of automated systems with information security requirements: approved by FSTEC of Russia 2004. (In Russ)

13. The guiding document of the State Technical Commission. Information technology security. Criteria for assessing the security of information technologies: approved. By Order of the State Technical Commission No. 187 dated 06/19/2002. (In Russ)

14. Methodology for determining the risk of information security in information systems: approved by FSTEC of Russia 2015. (In Russ)

15. Kotsynyak M. A., Kuleshov I. A., Kudryavtsev A.M., Lauta O. S. Cyberstability of ITCS. St. Petersburg, 2015. (In Russ)