Preview

Herald of Dagestan State Technical University. Technical Sciences

Advanced search

Optimization of the structure of the information system of personal data of critical information infrastructure objects based on risk theory

https://doi.org/10.21822/2073-6185-2025-52-4-49-62

Abstract

Objective. The purpose of the study is to reduce the actual risks of information security of important assets based on the analysis and systematization of significant deficiencies identified as a result of the ISPDn information security audit in twenty CII organizations.

Method. Generalization and analysis of the results of the control and supervisory activities of ISPs of CII facilities, identification of the most dangerous threats based on risk theory.

Result. Dangerous threats to the information security of CII facilities have been identified, and solutions have been proposed to enhance the security of ISPs by changing the topology, increasing the security of the server with PD through network segmentation, multi-level traffic filtering and integrated monitoring. The effectiveness of the proposed measures has been calculated.

Conclusion. Dangerous typical threats to the information security of CII facilities have been identified, and solutions have been proposed to enhance security in personal data information systems.

About the Authors

E. V. Birikh
M.A. Bonch-Bruevich Saint Petersburg State University of Telecommunications
Russian Federation

Ernest V. Birikh - Senior Lecturer, Department of Secure Communication Systems.

22 Bolshevikov Ave., build. 1, St Petersburg 193232



I. I. Fadeev
M.A. Bonch-Bruevich Saint Petersburg State University of Telecommunications
Russian Federation

Ilya I. Fadeev - Assistant, Department of Secure Communication Systems.

22 Bolshevikov Ave., build. 1, St Petersburg 193232



E. N. Nikolaev
M.A. Bonch-Bruevich Saint Petersburg State University of Telecommunications
Russian Federation

Efim  N.      Nikolaev - Student,         Department  of          Information Security       of       Computer    Networks.

22 Bolshevikov Ave., build. 1, St Petersburg 193232



D. V. Sakharov
M.A. Bonch-Bruevich Saint Petersburg State University of Telecommunications
Russian Federation

Dmitrii V. Sakharov - Cand. Sci. (Eng.), Assoc. Prof., Assoc. Prof. of the Department of Secure Communication Systems.

22 Bolshevikov Ave., build. 1, St Petersburg 193232



P. A. Luzhnikov
M.A. Bonch-Bruevich Saint Petersburg State University of Telecommunications
Russian Federation

Pavel A. Luzhnikov - Cand. Sci. (Eng.), Assoc. Prof., Assoc. Prof. of the Department of Secure Communication Systems.

22 Bolshevikov Ave., build. 1, St Petersburg 193232



References

1. Minyaev A.A., Krasov A.V., Sakharov D.V. A method for evaluating the effectiveness of the information protection system of geographically distributed personal data information systems. Bulletin of the St. Petersburg State University of Technology and Design. Series 1: Natural and Technical Sciences. 2020; 1: 29-33. (08/15/2024) (In Russ).

2. Krasov A.V., Lancere N.N., Fadeev I.I., Gelfand A.M., Lesnevsky M.V. Typical ophthalmological information systems that are objects of critical information infrastructure. Ophthalmosurgery. 2022; S4: 85-91. (08/15/2024). (In Russ).

3. Minyaev A.A. Modeling of information security threats in geographically distributed information systems. High-tech technologies in space exploration of the Earth. 2021; 13(2):52-65. (In Russ).

4. Lipatnikov V., Tikhonov V., Shevchenko A., Saharov D., Polyanicheva A. Security management in large-scale heterogeneous network systems based on intelligent information security services. In the collection: ACM International Conference Proceeding Series. 5, The Premier Conference on Smart Next Generation Networking Technologies. Cer. "ICFNDS 2021 5th International Conference on Future Networks and Distributed Systems: The Premier Conference on Smart Next Generation Networking Technologies" 2021: 562-567. (08/19/2024).

5. Korshunov G.A., Lipatnikov V.A., Shevchenko A.A. Decision support systems for information protection in the management of the information network. In the collection: Fuzzy Technologies in the Industry FTI 2018. Proceedings of the II International Scientific and Practical Conference. Ser. "CEUR Workshop Proceedings" 2018: 418-426.

6. Kovtsur M.M., Sakharov D.V., Birikh E.V., Drepa V.E. Method of detecting wlan access points of an intruder in a distributed ISPDn. Telecommunication. 2024;12-2: 60-69 (08/22/2024). (In Russ).

7. Sakharov D.V., Shterenberg S.I., Levin M.V., Kolesnikova Yu.A. Development of a data transmission network fault tolerance model. News of higher educational institutions. Technology of light industry. 2016; 34(4):14-20. (08/25/2024). (In Russ).

8. Sinelshchikov V. S., Tsvetkov A. Yu. Protection of personal data at the enterprise. Actual problems of infotelec communications in science and education (APINO 2021). 2021:653-657 (08/26/2024). (In Russ).

9. Birikh E.V. Development of a software module for automating the determination of the security level in ISPs / Bulova M.D., Kazantsev A.A., Minyaev A.A. // In the collection: Actual problems of infotelec communications in science and education (APINO 2024). Proceedings of the XIII International Scientific, Technical, Scientific and Methodological Conference. Saint Petersburg, 2024:122-127 (08/27/2024). (In Russ).

10. Lavrova D.S., Popova E.A., Shtyrkina A.A., Shterenberg S.I. Prevention of Dos attacks by predicting the values of correlation parameters of network traffic. Information security issues. Computer systems. 2018;3:70-77. (In Russ).

11. Kovtsur M., Minyaev A., Khramtsov D., Abramenko G. Investigation of attacks and methods of protection of wireless networks during authorization using the ieee 802.1x protocol.In the collection: ACM International Conference Proceeding Series. 5, The Premier Conference on Smart Next Generation Networking Technologies. Cer. "ICFNDS 2021 5th International Conference on Future Networks and Distributed Systems: The Premier Conference on Smart Next Generation Networking Technologies" 2021:555-561. (094/2024).

12. Minyaev A.A., Krasov A.V., Saharov D.V. The method and methodology of efficiency assessment of protection system of distributed information systems. In the collection: 12th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops, ICUMT 2020. Brno, 2020: 291-295. (09/6/2024).

13. Sakharov D.V., Kovtsur M.M., Bakhtin D.V. A model of protection against exploits and rootkits with subsequent analysis and assessment of incidents. High-tech technologies in space exploration of the Earth. 2019;11(5):22-31. (In Russ).

14. Federal Law "On Amendments to the Criminal Code of the Russian Federation" dated 11/30/2024 No. 421-FZ.

15. Order of the FSTEC of Russia "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during their Processing in Personal Data Information Systems" dated 02/18/2013 No. 21. URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-18-fevralya-2013-g-n-21 . 2013 with amendments and additions. ed. dated 11/25/2022. (09/20/2024). (In Russ).

16. Order of the FSTEC of Russia "On Approval of Requirements for Information Security in Automated Control Systems for Production and Technological Processes at Critical Facilities, Potentially Dangerous Facilities, as well as Facilities that pose an Increased Danger to Human Life and Health and to the Environment" dated 03/14/2014 No. 31. URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-14-marta-2014-g-n-31 2014 with amendments and additions. ed. from 01/16/2023. (09/20/2024). (In Russ).

17. Risk management guide for information technology systems. Recommendations of the National Institute of Standards and Technology: NIST 800-30. – Introduction. 06.01.2002. – USA. – 2002: 56 (09/22/2024).

18. Information technology. Methods and means of ensuring security. Part 3. Methods of information technology security management: GOST R ISO/IEC TO 13335-3-2007. – Introduction. 09/01/2007. Moscow: Standartinform, 2007:76 (09/23/2024). (In Russ).

19. Andrianov V.I., Krasov A.V., Lipatnikov V.A. Innovative information security risk management. Textbook / Saint Petersburg, 2012 (09/24/2024). (In Russ).

20. Analytical report: The Cyber Threat Landscape for Russia and the CIS 2024 // Kaspersky Lab. URL: https://go.kaspersky.com/rs/802-IJN-240/images/Report_Threat_Landscape_RU.pdf (24.01.2025). (In Russ).

21. Every third cyber incident was due to ransomware, Kaspersky reports // Kaspersky Lab URL: https://securelist.com/stateof-ransomware-2023/112590 / (accessed: 10/24/2024).

22. Reports from Kaspersky Lab's Expertise Centers: Comprehensive analysis of current threats, technologies, and trends everything to enhance your cybersecurity. // Kaspersky Lab URL: https://www.kaspersky.ru/enterprise-security/resources/white-papers (01/25/2025).

23. Birikh E.V. On the issue of personal data audit / Ferapontova S.S. In the collection: Actual problems of infotelec communications in science and education (APINO 2018). VII International Scientific, Technical, Scientific and Methodological Conference. Collection of scientific articles. In 4 volumes. Edited by S.V. Bachevsky. 2018:111-114 (01/27/2025). (In Russ).

24. Korshunov G.I., Lipatnikov V.A., Omarov R.G., Varzhapetian A.G. Prevention of attacks with distributed denial of service for information networks of cyberphysical systems. In the collection: JOP Conference Series: Metrological Support of Innovative Technologies. Krasnoyarsk Science and Technology City Hall of the Russian Union of Scientific and Engineering Associations. Krasnodar, Russia, 2020. pp. 32060. (01/27/2025).

25. How outdated technologies jeopardize business security and efficiency // vc.ru — business, technology, ideas, growth models, startups URL: https://vc.ru/u/2040785-gruppa-kompanii-x-com/1417550-kak-ustarevshie-tehnologii-stavyatpod-ugrozu-bezopasnost-i-effektivnost-biznesa (10/25/2024). (In Russ).

26. Birikh E.V., Ferapontova S.S. On the issue of personal data audit. In the collection: Actual problems of infotelec communications in science and education (APINO 2018). VII International Scientific, Technical, Scientific and Methodological Conference. Collection of scientific articles. In 4 volumes. Edited by S.V. Bachevsky. 2018:111-114. (In Russ).

27. Yurkin D.V., Livshitz I.I., Minyaev A.A. Formation of the instantaneous information security audit concept. Communications in Computer and Information Science. 2016. Vol. 678. pp. 314-324. Kashevnik A., Ponomarev A., Krasov A. Human-computer threats classification in intelligent transportation systems. Conference of Open Innovations Association, FRUCT. 2020; 26:151-157. (01/27/2025).

28. Doynikova E.V., Fedorchenko A.V., Novikova E.S., Ushakov I.A., Krasov A.V. Security decision support in the control systems based on graph models. In the collection: Proceedings of the 2021 IV International Conference on Control in Technical Systems (CTS). IEEE, 2021: 224-227. (01/28/2025).

29. Balueva A., Desnitsky V., Ushakov I. Approach to detection of denial-of-sleep attacks in wireless sensor networks on the base of machine learning. Studies in Computational Intelligence. 2020; 868: 350-355. (2.02.2025).

30. Vitkova L., Saenko I., Tushkanova O. An approach to creating an intelligent system for detecting and countering inappropriate information on the internet. Studies in Computational Intelligence. 2020; 868: 244-254. (02/14/2025).

31. Krasov A., Vitkova L., Pestov I. Behavioral analysis of resource allocation systems in cloud infrastructure. In the collection: Proceedings 2019 International Russian Automation Conference, RusAutoCon 2019. 2019:.8867699.

32. Kotenko I., Vitkova L., Saenko I., Tushkanova O., Branitskiy A. The intelligent system for detection and counteraction of malicious and inappropriate information on the internet. AI Communications. 2020; 33(1):13-25.

33. Zhernova K., Chechulin A. Overview of vulnerabilities of decision support interfaces based on virtual and augmented reality technologies. Lecture Notes in Networks and Systems. 2022; 330 LNNS:400-409 (02/7/2025).

34. Buinevich M., Izrailov K., Kotenko I., Ushakov I., Vlasov D. Approach to combining different methods for detecting insiders. In the collection: ACM International Conference Proceeding Series. 4. Proceedings of the 4th International Conference on Future Networks and Distributed Systems, ICFNDS 2020, 2020: 3442619. (02/7/2025).

35. Birich E.V., Paskenova A.U. Complex protection of the informatization object // In the collection: Information Society Technologies. Proceedings of the XIX International Industrial Scientific and Technical Conference. Moscow, 2025. pp. 136-138 (02/08/2025). (In Russ).

36. IPS/IDS intrusion detection and prevention systems. Selectel rental of IT infrastructure for business URL: https://selectel.ru/blog/ips-and-ids / (10/25/2024). (In Russ).

37. Network segmentation in the effective cybersecurity paradigm. Effective cybersecurity URL: https://rezbez.ru/article/segmentacziya-seti-v-paradigme-rezultativnoj-kiberbezopasnosti (date of reference: 01/25/2024).

38. Lipatnikov V.A., Sakharov D.V. Kuznetsov I.A. Security management of a distributed IVS based on the prediction of infection with a computer virus. Telecommunications. 2017;1:53-59. (02/9/2025). (In Russ).

39. Medvedeva I.M., Birikh E.V. Methods of protection against leaks of confidential information and personal data. Actual problems of socio-humanitarian and scientific-technical knowledge. 2025;1 (41): 5-8. (In Russ).

40. Birikh E.V., Bulova M.D., Kazantsev A.A., Minyaev A.A. Development of a software module for automating the determination of the security level in ISPS // In the collection: Current problems of infotelec communications in science and education (APINO 2024). Proceedings of the XIII International Scientific, Technical, Scientific and Methodological Conference. Saint Petersburg, 2024. pp. 122-127 (02/14/2025). (In Russ).

41. Makhmutova N.F., Birikh E.V., Sakharov D.V., Krivets A.S., Degtyarev M.A. Investigation of ways to improve the security of corporate networks. Herald of Daghestan State Technical University. Technical Sciences. 2024;51(3):110-116. https://doi.org/10.21822/2073-6185-2024-51-3-110-116 (02/17/2025). (In Russ).

42. Kovtsur M.M., Sakharov D.V., Birikh E.V., Drepa V.E. A method for detecting an intruder's wlan access points in a distributed ISPDN. Telecommunications. 2024;12-2: 60-69 (02/18/2025). (In Russ).

43. Sakharov D.V., Krasov A.V., Ushakov I.A., Orlov G.A. A secure model of a software-defined network in a KVM virtualization environment. Telecommunications. 2020; 3:26-32 (02/23/2025). (In Russ).

44. Andrianov V.I., Bukharin V.V., Kiryanov A.V., Lipatnikov V.A., Sanin I.Yu., Sakharov D.V., Starodubtsev Yu.I. A method for protecting information and computing networks from computer attacks. Patent for invention RU 2472211 C1, 10.01.2013. Application No. 2011147613/08 dated 11/23/2011 (02/24/2025). (In Russ).


Review

For citations:


Birikh E.V., Fadeev I.I., Nikolaev E.N., Sakharov D.V., Luzhnikov P.A. Optimization of the structure of the information system of personal data of critical information infrastructure objects based on risk theory. Herald of Dagestan State Technical University. Technical Sciences. 2025;52(4):49-62. (In Russ.) https://doi.org/10.21822/2073-6185-2025-52-4-49-62

Views: 321

JATS XML


Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2073-6185 (Print)
ISSN 2542-095X (Online)