Open AccessНЕЧІТКА ІЄРАРХІЧНА ОЦІНКА ЯКОСТІ КОМПЛЕКСНИХ СИСТЕМ ЗАХИСТУ ІНФОРМАЦІЇ
Author(s) -
Ігор Володимирович Шелехов,
Наталія Леонідівна Барченко,
Вадим Володимирович Кальченко,
Віктор Корнелійович Ободяк
Publication year - 2020
Publication title -
radìoelektronnì ì komp'ûternì sistemi
Language(s) - English
Resource type - Journals
eISSN - 2663-2012
pISSN - 1814-4225
DOI - 10.32620/reks.2020.4.10
Subject(s) - documentation , computer science , information security , technical documentation , computer security , risk analysis (engineering) , field (mathematics) , legislation , normative , mandatory access control , government (linguistics) , fuzzy logic , set (abstract data type) , information system , process management , access control , business , role based access control , engineering , philosophy , linguistics , mathematics , epistemology , electrical engineering , artificial intelligence , political science , pure mathematics , law , programming language
Changes in the legislation of Ukraine lead to a gradual transition to international standards in the field of ensuring the protection of information in information and communication systems of government authorities. However, the latest regulatory framework is based on the regulatory documents of the past. In this regard, it became necessary to develop new approaches to assessing the security of information and communication systems. One of the options for solving this problem is the use of penetration testing methods. During this procedure, the parameters of the complex protection tools are tested using publicly available tools used by cybercriminals. After completing this procedure, three options for the results are possible, which are described by fuzzy terms: the system meets the requirements of regulatory documents, the system does not comply with the requirements of regulatory documents, the system partially meets the requirements of regulatory documents and needs to be improved. As a result, the problem arises of developing a model that allows obtaining an integral indicator of security based on a fuzzy knowledge base. The article analyzes international documents in the field of cybersecurity and normative documentation of the system of technical protection of information in Ukraine. As the criteria for evaluating the system, the criteria of security against unauthorized access were selected, which in turn are defined in the existing national regulatory documents. A model of a fuzzy hierarchical system for assessing the security profile has been developed, which sets a set of assessment criteria and the sequence of their use. The proposed hierarchical model makes it possible to present the assessment process in an explicit form and implement the process of checking the criteria, indicating the degree of confidence of the expert in the relevance of the assessment criteria. The system was implemented in the Fuzzy Logic Toolbox environment of the Matlab application package. Computer experiments have shown the possibility of applying the developed model in practice.