Safety of critical infrastructure objects from the positions of risk effectiveness reduction

Authors

  • Yu.S. Tarasenko
  • V.Iu. Klym

DOI:

https://doi.org/10.34185/1562-9945-4-141-2022-13

Keywords:

protection and security systems, security risk assessment systems

Abstract

In the Ukrainian standards of general risk assessment, according to analogues within ISO, safety aspects are mainly informative. Therefore, both the quality of risk assessment and the reduction of its negative consequences (risk effectiveness) depend on the proper use of methods and techniques. That is why, in order to prevent unauthorized physical and information access, i.e. any damage and interference with loss of confidentiality, integrity, accessibility, observation, authenticity and reliability of both the official information of the organization and the integrity of the production system of the organization with their facilities for obtaining, processing and storing information, it is necessary to make the correct choice of risk assessment method and further ensure the proper implementation of protection in accordance with the reduction of risk effectiveness. The purpose of the work is to substantiate and analyze the proposed structural and linguistic scheme of the methodology of construction of the System of protection and safety of critical infrastructure objects (CIO) from the standpoint of risk effectiveness. From the point of view of reduction of hypothetical negative consequences from risks for regular of CIO, the conditions for potential risk criteria are given, and the System of risk assessment of the security of the set of critical infrastructure objects (SCIO) is considered with access to it, which includes subsystems of: the Ukrainian standards of general risk assessment; declared methods of general risk assessment; assessment of security losses according to confidentiality, integrity, accessibility, observation, authenticity, reliability and stability of protection boundaries; filtering of these risks; and supporting decision-making on access control to SCIO.
The advisability of the increased obligations concerning reliability and safety of measuring instruments is proved in order to strict requirements for cybersecurity risk assessment in terms of realization of the principle of uncertainty while ensuring the metrological reliability of measurements.

Published

2022-03-28