Abstract
This article proposes an information security management system (ISMS) model for automated data processing systems of critical applications (ADPS-CAs). The model allows users to carry out an assessment of the risk level for information security (IS) purposes and provides support for decision-making related to countering unauthorized access to the information circulating in an ADPS-CA. Further, this article analyzes the effect of a control parameter on the probability of launching an information integrity monitoring service (IMS) during a procedure that launches a typical ADPS-CA and its IS subsystem. The results present system quality indicators for protecting information from unauthorized access. The simulation was performed in relation to automated workstations as part of the ADPS-CA of a large enterprise.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Sommestad, T., Karlzén, H., Hallberg, J.: A meta-analysis of studies on protection motivation theory and information security behaviour. IJISP 9, 26–46 (2015)
Woon, C.: Principles of secure information systems design. Comput. Secur. 91, 13–24 (2010)
Valenzuela, J., Wang, J., Bissinger, N.: Real-time intrusion detection in power system operations. IEEE Trans. Power Syst. 28, 1052–1062 (2013). https://doi.org/10.1109/TPWRS.2012.2224144
Al-Jarrah, O., Arafat, A.: Network intrusion detection system using attack behavior classification. In: Information and Communication Systems (ICICS) 5th International Conference, pp. 1–6 (2014). https://doi.org/10.1109/iacs.2014.6841978
Lakhno, V.: Creation of the adaptive cyber threat detection system on the basis of fuzzy feature clustering. East.-Eur. J. Enterp. Technol. 2, 18–25 (2016). https://doi.org/10.15587/1729-4061.2016.66015
Ericsson, G.N.: Cyber security and power system communication-essential parts of a smart grid infrastructure. IEEE Trans. Power Deliv. 25, 1501–1507 (2010). https://doi.org/10.1109/TPWRD.2010.2046654
Li-Yun, C., Zne–Jung, L.: Applying fuzzy expert system to information security risk assessment – a case study on an attendance system. In: 2013 International Conference on Fuzzy Theory and its Applications (iFUZZY), pp. 346–351 (2013). https://doi.org/10.1109/ifuzzy.2013.6825462
Linda, O., Manic, M., Vollmer, T., Wright, J.: Fuzzy logic based anomaly detection for embedded network security cyber sensor. In: IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 202–209 (2011). https://doi.org/10.1109/cicybs.2011.5949392
Atymtayeva, L., Kozhakhmet, K., Bortsova, G.: Building a knowledge base for expert system in information security. In: Cho, Y., Matson, E. (eds.) Soft Computing in Artificial Intelligence, vol. 270, pp. 57–76. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-05515-2_7
Kanatov, M., Atymtayeva, L., Yagaliyeva, B.: Expert systems for information security management and audit. Implementation phase issues. In: 15th International Symposium on Soft Computing and Intelligent Systems (SCIS) Joint 7th International Conference on and Advanced Intelligent Systems (ISIS), pp. 896–900 (2014). https://doi.org/10.1109/scis-isis.2014.7044702
Lakhno, V., Kazmirchuk, S., Kovalenko, Y., Myrutenko, L., Zhmurko, T.: Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features. East.-Eur. J. Enterp. Technol. 3(9), 30–38 (2016). https://doi.org/10.15587/1729-4061.2016.71769
Ben-Asher, N., Gonzalez, C.: Effects of cyber security knowledge on attack detection. Comput. Hum. Behav. 48, 51–61 (2015). https://doi.org/10.1016/j.chb.2015.01.039
Goztepe, K.: Designing fuzzy rule based expert system for cyber security. IJISS 1, 13–19 (2012)
Gamal, M.M., Hasan, B., Hegazy, A.F.: A security analysis framework powered by an expert system. IJCSS 4, 505–527 (2011)
Thai, M.T., Xuan, Y., Shin, I., Znati T.: On detection of malicious users using group testing techniques. In: 28th International Conference on Distributed Computing Systems (ICDCS), pp. 206–213 (2008). https://doi.org/10.1109/icdcs.2008.75
Wood, C.C., Banks, W.W., Guarro, S.B., Garcia, A.A., Hampel, V.E., Sartorio, H.P.: Computer Security: A Comprehensive Controls Checklist. Wiley, New York (1987)
Lakhno, V.A., Petrov, O.S., Hrabariev, A.V., Ivanchenko, Y.V., Beketova, G.S.: Improving of information transport security under the conditions of destructive influence on the information-communication system. J. Theor. Appl. Inf. 89, 352–361 (2016)
Al Hadidi, M.M., Ibrahim, Y.K., Lakhno, V., Korchenko, A., Tereshchuk, A., Pereverzev, A.: Intelligent systems for monitoring and recognition of cyber attacks on information and communication systems of transport. IRECOS 11, 1167–1177 (2016)
Lakhno, V., Petrov, A., Petrov, A.: Development of a support system for managing the cyber security of information and communication environment of transport. In: International Conference on Information Systems Architecture and Technology, pp. 113–127 (2017)
Akhmetov, B., Lakhno, V., Boiko, Y., Mishchenko, A.: Designing a decision support system for the weakly formalized problems in the provision of cyber security. East.-Eur. J. Enterp. Technol. 1, 4–15 (2017)
Savola, R.M.: Towards a taxonomy for information security metrics. In: Proceedings of the 2007 ACM Workshop on Quality of Protection, pp. 28–30 (2007)
Rostami, M., Koushanfar, F., Karri, R.: A primer on hardware security: models, methods, and metrics. Proc. IEEE 2014(102), 1283–1295 (2014)
Takahashi, T., Kadobayashi, Y., Fujiwara, H.: Ontological approach toward cyber security in cloud computing. In: Proceedings of the 3rd International Conference on Security of Information and Networks, pp. 100–109 (2010)
Ben-Asher, N., Gonzalez, C.: Effects of cyber security knowledge on attack detection. Comput. Hum. Behav. 48, 51–61 (2015)
Zhekambayeva, M., Al Hadidi, M., Al-Azzeh, J.S., Akhmetov, B., Korchenko, O., Kazmirchuk, S.: Methods of risk assessment for information security management. IRECOS 11, 81–91 (2016)
Lakhno, V., Malyukov, V., Parkhuts, L., Buriachok, V., Satzhanov, B., Tabylov, A.: Funding model for port information system cyber security facilities with incomplete hacker information available. J. Theor. Appl. Inf. 96, 4215–4225 (2018)
Petrov, O., Borowik, B., Karpinskyy, M., Korchenko, O., Lakhno, V.: Immune and Defensive Corporate Systems with Intellectual Identification of Threats. Śląska Oficyna Drukarska, Pszczyna (2016)
Akhmetov, B., Lakhno, V.: System of decision support in weakly formalized problems of transport cyber security ensuring. J. Theor. Appl. Inf. 96, 2184–2196 (2018)
Lakhno, V., Zaitsev, S., Tkach, Y., Petrenko, T.: Adaptive expert systems development for cyber attacks recognition in information educational systems on the basis of signs’ clustering. In: International Conference on Theory and Applications of Fuzzy Systems and Soft Computing, Advances in Intelligent Systems and Computing, vol. 754, pp. 673–682 (2018). https://doi.org/10.1007/978-3-319-91008-6_66
Rees, L.P., Deane, J.K., Rakes, T.R., Baker, W.H.: Decision support for cyber security risk planning. Decis. Support Syst. 51, 493–505 (2011). https://doi.org/10.1016/j.dss.2011.02.013
Medhat, K., Ramadan, R.A., Talkhan, I.: Security in mission critical communication systems. In: Multimedia Services and Applications in Mission Critical Communication Systems, vol. 270 (2017). https://doi.org/10.4018/978-1-5225-2113-6.ch012
Nugraha, Y., Brown, I., Sastrosubroto, A.S.: An adaptive wideband delphi method to study state cyber-defence requirements. IEEE Trans. Emerg. Top. Comput. 4, 47–59 (2016). https://doi.org/10.1109/TETC.2015.2389661
Beketova, G.S., Akhmetov, B.S., Korchenko, A.G., Lakhno, A.V.: Optimization backup model for critical important information systems. Bull. Nat. Acad. Sci. Repub. Kaz. 5, 37–44 (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Alhussain, T., AlZubi, A.A., AlFarraj, O., Alkhalaf, S., Alkhalaf, M.S. (2020). Development of an Information Security Management Model for Enterprise Automated Systems. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds) Advanced Information Networking and Applications. AINA 2020. Advances in Intelligent Systems and Computing, vol 1151. Springer, Cham. https://doi.org/10.1007/978-3-030-44041-1_108
Download citation
DOI: https://doi.org/10.1007/978-3-030-44041-1_108
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44040-4
Online ISBN: 978-3-030-44041-1
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)