Expert and fuzzy systems application for information security risks assessment of information and telecommunication systems

Authors

  • S. M. Kushch National Technical University of Ukraine, Kyiv Politechnic Institute, Kiev
  • V. O. Shutovskyi National Technical University of Ukraine, Kyiv Politechnic Institute, Kiev

DOI:

https://doi.org/10.20535/RADAP.2012.50.114-120

Keywords:

information security, risks assessment, expert systems, fuzzy logic

Abstract

The risks assessment is one of the main stages during the development and maintenance processes of the secure information and telecommunication systems (ITS). The expert and fuzzy systems application for information security risks assessment of information-telecommunication systems is considered in this paper. The risks assessment is held for the sample ITS using CRAMM and MSAT expert systems and fuzzy expert system. The results are compared. Recommendations are given for expert and fuzzy systems application during information security risks assessment.

Author Biographies

S. M. Kushch, National Technical University of Ukraine, Kyiv Politechnic Institute, Kiev

Кущ С.М.

V. O. Shutovskyi, National Technical University of Ukraine, Kyiv Politechnic Institute, Kiev

Шутовський В.О.

References

Архипов О.Є. Оцінювання ризиків інформаційної безпеки: міжнародні стандарти та українське законодавство / Архипов О.Є., Кущ С.М., Шутовський В.О. // Інформаційні технології та комп’ютерна інженерія, №3, 2011. – С. 60–68.

Wayne Jansen. Directions in Security Metrics Research , NISTIR 7564, April 2009 [Електронний ресурс] // NIST.gov - Computer Security Division - Computer Security Resource Center [сайт] / Wayne Jansen ; Computer Security Division , Information Technology Laboratory , National Institute of Standards and Technology – Режим доступу: http://csrc.nist.gov/publications/nistir/ir7564/nistir-7564_metrics-research.pdf (16.04.2012). – Назва з екрану.

Ручкин В.Н. Универсальный искусственный интеллект и экспертные системы / В.Н. Ручкин, В.А. Фулин. – С-П.: «БХВ-Петербург», 2009. – 240 с.

Питер Джексон. Введение в экспертные системы / Питер Джексон. – М.: «Вильямс», 2001. – 624 c.

Information technology – Security techniques – Information security management systems – Requirements: ISO/IEC 27001:2005. – [Чинний від 15-10-2005]. – Женева: [б.в.], 2005. – 42 с. – (Міжнародні стандарти ISO/IEC).

CRAMM User Guide. Issue 5.1 July 2005 / [інструкція / б.а.] – [б.в.], 2005. – 459 c.

Microsoft Security Assessment Tool [Електронний ресурс] // Microsoft Corporation [сайт] – Режим доступу: http://www.microsoft.com/download/en/details.aspx?id=12273#overview (16.04.2012). – Назва з екрану.

Корченко А.Г. Построение систем защиты информации на нечетких множествах / Корченко А.Г. – К.:«МК-Пресс», 2006. – 316 с.

Gary Stoneburner. Risk Management Guide for Information Technology Systems. Recommendations of the National Institute of Standards and Technology: NIST SP 800-30 [Електронний ресурс] // NIST.gov - Computer Security Division - Computer Security Resource Center [сайт] / Gary Stoneburner, Alice Goguen, and Alexis Feringa; Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology – Режим доступу: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf (16.04.2012). – Назва з екрану.

Шутовський В.О. Розробка адаптативного алгоритму кількісної оцінки ризиків з використанням методів нечіткої логіки / Шутовський В.О. // VІ Всеукраїнська науково-практична конференція студентів, аспірантів та молодих вчених «Теоретичні і прикладні проблеми фізики, математики та інформатики». Збірка тез доповідей. Частина 2. – К.: 2008. – С. 71 – 72.

Downloads

How to Cite

Кущ, С. and Шутовський, В. (2012) “Expert and fuzzy systems application for information security risks assessment of information and telecommunication systems”, Visnyk NTUU KPI Seriia - Radiotekhnika Radioaparatobuduvannia, 0(50), pp. 114-120. doi: 10.20535/RADAP.2012.50.114-120.

Issue

No. 50 (2012)

Section

Information Security

License

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).