Methodology of information security risk analysis based on quantitative assessment of damages in information and technical systems bodies of the internal affairs
https://doi.org/10.21822/2073-6185-2021-48-4-55-63
Abstract
Objective. Assessing the consequences of damage incidents in the information and technical systems (ITS) of the internal affairs bodies (ATS) requires an analysis of the risk of damage resulting from the realization of information security threats.
Method. Mathematical modeling is generally used to analyze the processes occurring in ITS. Because of their high technological complexity and the high costs of acquiring and maintaining equipment and paying staff wages, ITS require a risk analysis procedure. The security of ITS functioning is defined normatively, since at present the method of quantitative assessment of damages is insufficiently developed. Developing this scientific application would make it possible to establish an appropriate value for the indicator of permissible risk of the realization of information security threats. The study uses analytical and mathematical modeling based on the apparatus of queuing systems.
Result. A technique for analyzing the risks of information security violations, based on a quantitative assessment of damages to the ITS of ATS, is presented.
Conclusion. The direction of this study is relevant and requires further elaboration in order to improve the method for assessing the occurrence of damage in the ITS of the internal affairs bodies.
About the Author
I. V. Alekhin
Russian Federation
Igor V. Alekhin, Senior Electronics Engineer, Department of Information and Technical Support of the Educational Process
53 Patriotov Ave., Voronezh 394065
For citations:
Alekhin I.V. Methodology of information security risk analysis based on quantitative assessment of damages in information and technical systems bodies of the internal affairs. Herald of Dagestan State Technical University. Technical Sciences. 2021;48(4):55-63. (In Russ.) https://doi.org/10.21822/2073-6185-2021-48-4-55-63