MATHEMATICAL MODEL OF EMERGENCY SAFETY OPK
Keywords:
Personal data, security threats, expert analysis
Abstract
The purpose of this article is to substantiate the indicator for evaluating the effectiveness of
measures to ensure the security of personal data of the personnel body of an industrial complex
enterprise (hereinafter - the defense industry). To build a mathematical model of the probability of
a threat, the methodological apparatus for assessing current threats to information security,
formed on the basis of regulatory and methodological documents of the FSTEC of Russia, is used.
The article presents the author's interpretation of the main methodological provisions presented in
the documents under consideration in relation to the assessment of threats to the security of personal
data (hereinafter - PD) of the personnel body of the defense industry enterprise. The peculiarity
of identifying vulnerabilities of information resources of the personnel body of the defense
industry enterprise, through which it is possible to implement threats to the security of PD, is the
use of calculation methods that allow to establish the fact of the potential possibility of a threat. o
determine the vulnerabilities of the information resources of the personnel body of the defense
industry enterprise to the implementation of threats to the security of PD, an expert analysis of the
information environment of the IP is carried out. As a result, a set is formed, the elements of which
determine vulnerabilities. Thus, it is necessary to consider a mathematical model of the probabilistic
characteristics of the occurrence of a threat to the security of the PD of the personnel body of
the defense industry enterprise as a product of the probabilities of preventing unauthorized copying,
unauthorized modification and blocking access to the information resources of the IS of the
personnel body of the defense industry enterprise
References
1. Available at: https://ru.wikipedia.org/wiki/Effektivnost'_(filosofiya).
2. Zakon Rossiyskoy Federatsii «O personal'nykh dannykh» ot 27 iyulya 2006 g. № 152-FZ [The
Law of the Russian Federation "On Personal Data" dated July 27, 2006 No. 152-FZ], Ros. gaz.
[Russian Gas], 29 iyulya 2006.
3. Pokusov V.V. Otsenka effektivnosti sistemy obespecheniya IB. Ch. 1. Pokazateli i modeli
predstavleniya [Evaluation of the effectiveness of the information security system. Part 1. Indicators
and presentation models], Zashchita informatsii. Insayd [Information protection. Inside],
2019, No. 2 (86), pp. 54-60.
4. Yazov Yu.K., Avsent'ev O.S., Rubtsova I.O. K voprosu ob otsenke effektivnosti zashchity
informatsii v sistemakh elektronnogo dokumentooborota [On the issue of evaluating the effectiveness
of information protection in electronic document management systems], Voprosy
kiberbezopasnosti [Cybersecurity issues], 2019, No. 1 (29), pp. 25-34.
5. Kondakov S.E., Chudin K.S. Razrabotka issledovatel'skogo apparata otsenki effektivnosti mer
obespecheniya zashchity personal'nykh dannykh [Development of a research apparatus for
evaluating the effectiveness of measures to ensure the protection of personal data], Voprosy
kiberbezopasnosti [Issues of cybersecurity], 2021, No. 5 (45), pp. 45-51.
6. Miroshnichenko E.L., Pasechnik R.M., Bolychev M.V. Algoritm postroeniya diagrammy
dostizhimosti modeli sostoyaniya rabotosposobnosti informatsionnoy sistemy [Algorithm for
constructing a diagram of the reachability of an information system health state model],
Voprosy kiberbezopasnosti [Questions of cybersecurity], 2019, No. 6 (34), pp. 79-91.
7. Shcheglov A.Yu., Shcheglov K.A. Matematicheskie modeli i metody formal'nogo
proektirovaniya sistem zashchity informatsionnykh sistem: ucheb. posobie po distsipline
«Bezopasnost' vychislitel'nykh sistem i setey» [Mathematical models and methods of formal
design of information systems protection systems: a textbook on the discipline "Security of
computing systems and networks"]. St. Petersburg, 2015.
8. Probabilistic Modeling in System Engineering, by ed. A. Kostogryzov. London: IntechOpen,
2018, 278 p. 10.5772/ intechopen.71396. DOI: 10.5772/intechopen.71396.
9. Buldakova T.I., Mikov D.A. Obespechenie soglasovannosti i adekvatnosti otsenki fakto-rov
riska informatsionnoy bezopasnosti [Ensuring consistency and adequacy of information security
risk factors assessment], Voprosy kiberbezopasnosti [Cybersecurity Issues], 2017, No. 3
(21), pp. 8-15. DOI: 10.21681/2311-3456-2017-3-08-15.
10. Metodicheskiy dokument. Metodika opredeleniya aktual'nykh ugroz bezopasnosti
personal'nykh dannykh pri ikh obrabotke v informatsionnykh sistemakh personal'nykh
dannykh, utv. FSTEK Rossii 14.02.2008 [Methodical document. Methodology for determining
the actual threats to the security of personal data when they are processed in personal data information
systems, approved by the FSTEC of Russia on 02/14/2008].
11. Metodicheskiy dokument. Metodika otsenki ugroz bezopasnosti informatsii. Mery zashchity
informatsii v gosudarstvennykh informatsionnykh sistemakh. Metodicheskiy dokument
FSTEK Rossii. Utverzhden 11 fevralya 2014 g. ii, utv. FSTEK Rossii 05.02.2021 [Methodical
document. Methodology for assessing information security threats. Information protection
measures in state information systems. Methodological document of the FSTEC of Russia.
Approved on February 11, 2014 by the ai, approved by the FSTEC of Russia 05.02.2021].
12. Meshcheryakova T.V., Skryl' S.V., Firyulin M.E. Matematicheskie modeli informatsionnykh
protsessov v avtomatizirovannykh informatsionnykh sistemakh organov vnutrennikh del v
usloviyakh prosteyshey modeli narusheniya bezopasnosti informatsii: monografiya [Mathematical
models of information processes in automated information systems of internal affairs
bodies in the conditions of the simplest model of information security violations: monograph].
Voronezh: Voronezhskiy institut MVD Rossii, 2017, 124 p.
13. Skryl' S.V., Kondakov S.E., Chudin K.S. Obosnovanie pokazatelya dlya otsenki effektivnosti mer
obespecheniya zashchity personal'nykh dannykh v deyatel'nosti kadrovogo organa sluzhby
zashchity gosudarstvennoy tayny [Substantiation of the indicator for evaluating the effectiveness of
measures to ensure the protection of personal data in the activities of the personnel body of the state
secret protection service], Informatsionnaya bezopasnost' – aktual'naya problema sovremennosti.
Sovershenstvovanie obrazovatel'nykh tekhnologiy podgotovki spetsialistov v oblasti informatsionnoy
bezopasnosti: Mater. XXI Vserossiyskoy mezhvedomstvennoy nauchno-tekhnicheskoy konferentsii
[Information security is an urgent problem of our time. Improving educational technologies for
training specialists in the field of information security: Materials of the XXI All-Russian Interdepartmental
Scientific and Technical Conference]. Vol. 1. Krasnodar: KVVU, 2020, pp. 19-24.
14. Kazarin O.V., Kondakov S.E., Troitskiy I.I. Podkhody k kolichestvennoy otsenke
zashchishchennosti informatsionnykh resursov avtomatizirovannykh sistem [Approaches to
quantifying the security of information resources of automated systems], Voprosy
kiberbezopasnosti [Cybersecurity Issues], 2015, No. 2 (10), pp. 31-35.
15. Skryl' S.V., Gayfulin V.V., Sychev V.M., Gracheva Yu.V. [i dr.]. Aktual'nye voprosy
problematiki otsenki ugroz komp'yuternykh atak na informatsionnye resursy znachimykh
ob"ektov kriticheskoy informatsionnoy infrastruktury [Topical issues of the problem of assessing
threats of computer attacks on information resources of significant objects of critical
information infrastructure], Bezopasnost' informatsionnykh tekhnologiy [Information technology
security], 2021, No. 1, pp. 24-33.
16. Kondakov S.E., Meshcheryakova T.V., Skryl' S.V., Stadnik A.N., Suvorov A.A. Veroyatnostnoe
predstavlenie usloviy svoevremennogo reagirovaniya na ugrozy komp'yuternykh atak [Probabilistic
representation of conditions for timely response to threats of computer attacks],
Voprosy kiberbezopasnosti [Questions of cybersecurity], 2019, No. 6 (34), pp. 59-68. DOI:
10.21681/2311-3456-2019-6-59-68.
17. Maksimova E.A., Kuznetsova M.A., Topilin Ya.N., Fedonyuk N.I., Petrishcheva T.S.
Vnutrenniy kontrol' sootvetstviya obrabotki PDn trebovaniyam k ikh zashchite [Internal control
of compliance of PD processing with the requirements for their protection], Zashchita
informatsii. Insayd [Information protection. Inside], 2019, No. 6 (90), pp. 5-9.
18. Terent'eva L.V. Kriteriy «napravlennoy deyatel'nosti» primenitel'no k otnosheniyam,
svyazannym s zashchitoy personal'nykh dannykh [Criterion of "directed activity" in relation to
relations related to the protection of personal data], Pravovaya informatika [Legal Informatics],
2021, No. 1, pp. 61-69. DOI: 10.21681/1994-1404-2021-1-61-69.
19. Livshits I.I. Otsenka stepeni vliyaniya General Data Protection Regulation na bezopasnost'
predpriyatiy v Rossiyskoy Federatsii [Assessment of the impact of General Data Protection
Regulation on the security of enterprises in the Russian Federation], Voprosy
kiberbezopasnosti [Cybersecurity Issues], 2020, No. 4 (38), pp. 66-75.
20. Khasin E.V., Astrakhov A.V., Kondakov S.E. [i dr.]. Bezopasnost' operatsionnykh sistem:
ucheb. posobie dlya sistemy vysshego professional'nogo obrazovaniya [Security of operating
systems: a textbook for the system of higher professional education], ed. by S.V. Skrylya.
Moscow: Izdatel'skiy tsentr «Akademiya», 2021, 256 p.
21. Skryl' S.V., Shelupanov A.A. Osnovy sistemnogo analiza v zashchite informatsii: ucheb.
posobie dlya studentov vysshikh uchebnykh zavedeniy [Fundamentals of system analysis in
the protection of information: a textbook for students of higher educational institutions]. Moscow:
Mashinostroenie, 2008, 138 p.
2. Zakon Rossiyskoy Federatsii «O personal'nykh dannykh» ot 27 iyulya 2006 g. № 152-FZ [The
Law of the Russian Federation "On Personal Data" dated July 27, 2006 No. 152-FZ], Ros. gaz.
[Russian Gas], 29 iyulya 2006.
3. Pokusov V.V. Otsenka effektivnosti sistemy obespecheniya IB. Ch. 1. Pokazateli i modeli
predstavleniya [Evaluation of the effectiveness of the information security system. Part 1. Indicators
and presentation models], Zashchita informatsii. Insayd [Information protection. Inside],
2019, No. 2 (86), pp. 54-60.
4. Yazov Yu.K., Avsent'ev O.S., Rubtsova I.O. K voprosu ob otsenke effektivnosti zashchity
informatsii v sistemakh elektronnogo dokumentooborota [On the issue of evaluating the effectiveness
of information protection in electronic document management systems], Voprosy
kiberbezopasnosti [Cybersecurity issues], 2019, No. 1 (29), pp. 25-34.
5. Kondakov S.E., Chudin K.S. Razrabotka issledovatel'skogo apparata otsenki effektivnosti mer
obespecheniya zashchity personal'nykh dannykh [Development of a research apparatus for
evaluating the effectiveness of measures to ensure the protection of personal data], Voprosy
kiberbezopasnosti [Issues of cybersecurity], 2021, No. 5 (45), pp. 45-51.
6. Miroshnichenko E.L., Pasechnik R.M., Bolychev M.V. Algoritm postroeniya diagrammy
dostizhimosti modeli sostoyaniya rabotosposobnosti informatsionnoy sistemy [Algorithm for
constructing a diagram of the reachability of an information system health state model],
Voprosy kiberbezopasnosti [Questions of cybersecurity], 2019, No. 6 (34), pp. 79-91.
7. Shcheglov A.Yu., Shcheglov K.A. Matematicheskie modeli i metody formal'nogo
proektirovaniya sistem zashchity informatsionnykh sistem: ucheb. posobie po distsipline
«Bezopasnost' vychislitel'nykh sistem i setey» [Mathematical models and methods of formal
design of information systems protection systems: a textbook on the discipline "Security of
computing systems and networks"]. St. Petersburg, 2015.
8. Probabilistic Modeling in System Engineering, by ed. A. Kostogryzov. London: IntechOpen,
2018, 278 p. 10.5772/ intechopen.71396. DOI: 10.5772/intechopen.71396.
9. Buldakova T.I., Mikov D.A. Obespechenie soglasovannosti i adekvatnosti otsenki fakto-rov
riska informatsionnoy bezopasnosti [Ensuring consistency and adequacy of information security
risk factors assessment], Voprosy kiberbezopasnosti [Cybersecurity Issues], 2017, No. 3
(21), pp. 8-15. DOI: 10.21681/2311-3456-2017-3-08-15.
10. Metodicheskiy dokument. Metodika opredeleniya aktual'nykh ugroz bezopasnosti
personal'nykh dannykh pri ikh obrabotke v informatsionnykh sistemakh personal'nykh
dannykh, utv. FSTEK Rossii 14.02.2008 [Methodical document. Methodology for determining
the actual threats to the security of personal data when they are processed in personal data information
systems, approved by the FSTEC of Russia on 02/14/2008].
11. Metodicheskiy dokument. Metodika otsenki ugroz bezopasnosti informatsii. Mery zashchity
informatsii v gosudarstvennykh informatsionnykh sistemakh. Metodicheskiy dokument
FSTEK Rossii. Utverzhden 11 fevralya 2014 g. ii, utv. FSTEK Rossii 05.02.2021 [Methodical
document. Methodology for assessing information security threats. Information protection
measures in state information systems. Methodological document of the FSTEC of Russia.
Approved on February 11, 2014 by the ai, approved by the FSTEC of Russia 05.02.2021].
12. Meshcheryakova T.V., Skryl' S.V., Firyulin M.E. Matematicheskie modeli informatsionnykh
protsessov v avtomatizirovannykh informatsionnykh sistemakh organov vnutrennikh del v
usloviyakh prosteyshey modeli narusheniya bezopasnosti informatsii: monografiya [Mathematical
models of information processes in automated information systems of internal affairs
bodies in the conditions of the simplest model of information security violations: monograph].
Voronezh: Voronezhskiy institut MVD Rossii, 2017, 124 p.
13. Skryl' S.V., Kondakov S.E., Chudin K.S. Obosnovanie pokazatelya dlya otsenki effektivnosti mer
obespecheniya zashchity personal'nykh dannykh v deyatel'nosti kadrovogo organa sluzhby
zashchity gosudarstvennoy tayny [Substantiation of the indicator for evaluating the effectiveness of
measures to ensure the protection of personal data in the activities of the personnel body of the state
secret protection service], Informatsionnaya bezopasnost' – aktual'naya problema sovremennosti.
Sovershenstvovanie obrazovatel'nykh tekhnologiy podgotovki spetsialistov v oblasti informatsionnoy
bezopasnosti: Mater. XXI Vserossiyskoy mezhvedomstvennoy nauchno-tekhnicheskoy konferentsii
[Information security is an urgent problem of our time. Improving educational technologies for
training specialists in the field of information security: Materials of the XXI All-Russian Interdepartmental
Scientific and Technical Conference]. Vol. 1. Krasnodar: KVVU, 2020, pp. 19-24.
14. Kazarin O.V., Kondakov S.E., Troitskiy I.I. Podkhody k kolichestvennoy otsenke
zashchishchennosti informatsionnykh resursov avtomatizirovannykh sistem [Approaches to
quantifying the security of information resources of automated systems], Voprosy
kiberbezopasnosti [Cybersecurity Issues], 2015, No. 2 (10), pp. 31-35.
15. Skryl' S.V., Gayfulin V.V., Sychev V.M., Gracheva Yu.V. [i dr.]. Aktual'nye voprosy
problematiki otsenki ugroz komp'yuternykh atak na informatsionnye resursy znachimykh
ob"ektov kriticheskoy informatsionnoy infrastruktury [Topical issues of the problem of assessing
threats of computer attacks on information resources of significant objects of critical
information infrastructure], Bezopasnost' informatsionnykh tekhnologiy [Information technology
security], 2021, No. 1, pp. 24-33.
16. Kondakov S.E., Meshcheryakova T.V., Skryl' S.V., Stadnik A.N., Suvorov A.A. Veroyatnostnoe
predstavlenie usloviy svoevremennogo reagirovaniya na ugrozy komp'yuternykh atak [Probabilistic
representation of conditions for timely response to threats of computer attacks],
Voprosy kiberbezopasnosti [Questions of cybersecurity], 2019, No. 6 (34), pp. 59-68. DOI:
10.21681/2311-3456-2019-6-59-68.
17. Maksimova E.A., Kuznetsova M.A., Topilin Ya.N., Fedonyuk N.I., Petrishcheva T.S.
Vnutrenniy kontrol' sootvetstviya obrabotki PDn trebovaniyam k ikh zashchite [Internal control
of compliance of PD processing with the requirements for their protection], Zashchita
informatsii. Insayd [Information protection. Inside], 2019, No. 6 (90), pp. 5-9.
18. Terent'eva L.V. Kriteriy «napravlennoy deyatel'nosti» primenitel'no k otnosheniyam,
svyazannym s zashchitoy personal'nykh dannykh [Criterion of "directed activity" in relation to
relations related to the protection of personal data], Pravovaya informatika [Legal Informatics],
2021, No. 1, pp. 61-69. DOI: 10.21681/1994-1404-2021-1-61-69.
19. Livshits I.I. Otsenka stepeni vliyaniya General Data Protection Regulation na bezopasnost'
predpriyatiy v Rossiyskoy Federatsii [Assessment of the impact of General Data Protection
Regulation on the security of enterprises in the Russian Federation], Voprosy
kiberbezopasnosti [Cybersecurity Issues], 2020, No. 4 (38), pp. 66-75.
20. Khasin E.V., Astrakhov A.V., Kondakov S.E. [i dr.]. Bezopasnost' operatsionnykh sistem:
ucheb. posobie dlya sistemy vysshego professional'nogo obrazovaniya [Security of operating
systems: a textbook for the system of higher professional education], ed. by S.V. Skrylya.
Moscow: Izdatel'skiy tsentr «Akademiya», 2021, 256 p.
21. Skryl' S.V., Shelupanov A.A. Osnovy sistemnogo analiza v zashchite informatsii: ucheb.
posobie dlya studentov vysshikh uchebnykh zavedeniy [Fundamentals of system analysis in
the protection of information: a textbook for students of higher educational institutions]. Moscow:
Mashinostroenie, 2008, 138 p.
