Author(s) | Collection number | Pages |
---|---|---|
Lysa N. K., Хиляк Н. A., Sikora L. S., Лисий Ю. М., Tupychak L. L. | № 2 (69) | 29-45 |
The problem of classifying information security threats is considered in the context of the rapid development of information technologies, which is accompanied by organizations' increasing dependence on information systems and significant growth in data volumes. The shortcomings of existing approaches to risk assessment and prevention are analyzed: they often focus on narrow aspects of security without considering the interconnections between different types of threats and elements of the information infrastructure. A universal ontological model is proposed, which allows systematizing knowledge about information security threats and provides tools for their identification, analysis, forecasting, and prevention.
The model is based on a multi-level hierarchical structure that includes both general categories of threats and specific manifestations, in particular: the classification of threats by aspects of information security (confidentiality, integrity, availability); the probability of occurrence (likely, unlikely threats); the components of information systems targeted by threats (infrastructure, hardware, software, data); the severity of losses (critical, significant, minor); the location of threat sources (internal, external); the method of realization (accidental actions, intentional actions, natural phenomena, technogenic factors); the nature of damage caused (material, moral). Instances have been created to detail the classification through real threat scenarios. The main tool of the model is an ontological graph that represents the hierarchy and interconnections between classes and instances.
The proposed approach ensures a comprehensive analysis of threats and allows identifying potential risks based on their classification characteristics. The use of the ontological graph facilitates the visualization and analytical processing of threats, enhancing decision-making efficiency in the field of information security management. The model can be integrated into software tools for threat monitoring and forecasting and adapted for practical application in corporate security systems.
Keywords: ontology, information security, threat, class, instance, graph.
doi: 10.32403/1998-6912-2024-2-69-21-28