Факультет електроніки та інформаційних технологій (ЕлІТ)
Permanent URI for this communityhttps://devessuir.sumdu.edu.ua/handle/123456789/20
Browse
Search Results
Item Нечітка ієрархічна оцінка якості комплексних систем захисту інформації(Національний аерокосмічний університет "Харківський авіаційний інститут", 2020) Шелехов, Ігор Володимирович; Шелехов, Игорь Владимирович; Shelekhov, Ihor Volodymyrovych; Барченко, Наталія Леонідівна; Барченко, Наталья Леонидовна; Barchenko, Nataliia Leonidivna; Кальченко, Вадим Володимирович; Кальченко, Вадим Владимирович; Kalchenko, Vadym Volodymyrovych; Ободяк, Віктор Корнелійович; Ободяк, Виктор Корнелиевич; Obodiak, Viktor KorneliiovychChanges in the legislation of Ukraine lead to a gradual transition to international standards in the field of ensuring the protection of information in information and communication systems of government authorities. However, the latest regulatory framework is based on the regulatory documents of the past. In this regard, it became necessary to develop new approaches to assessing the security of information and communication systems. One of the options for solving this problem is the use of penetration testing methods. During this procedure, the parameters of the complex protection tools are tested using publicly available tools used by cybercriminals. After completing this procedure, three options for the results are possible, which are described by fuzzy terms: the system meets the requirements of regulatory documents, the system does not comply with the requirements of regulatory documents, the system partially meets the requirements of regulatory documents and needs to be improved. As a result, the problem arises of developing a model that allows obtaining an integral indicator of security based on a fuzzy knowledge base. The article analyzes international documents in the field of cybersecurity and normative documentation of the system of technical protection of information in Ukraine. As the criteria for evaluating the system, the criteria of security against unauthorized access were selected, which in turn are defined in the existing national regulatory documents. A model of a fuzzy hierarchical system for assessing the security profile has been developed, which sets a set of assessment criteria and the sequence of their use. The proposed hierarchical model makes it possible to present the assessment process in an explicit form and implement the process of checking the criteria, indicating the degree of confidence of the expert in the relevance of the assessment criteria. The system was implemented in the Fuzzy Logic Toolbox environment of the Matlab application package. Computer experiments have shown the possibility of applying the developed model in practice.