Degree
|
Dr. Sci. (Eng.), Professor, Professor of Applied Informatics and Information Security Department, Plekhanov Russian University of Economics |
---|---|
E-mail
|
Sizov.VA@rea.ru |
Location
|
Moscow, Russia |
Articles
|
Development of models for the automated formation of competencies of a cybersecurity specialist based on a scenario approachThe work is devoted to the development of models for the automated formation of competencies of a cybersecurity specialist based on a scenario approach. The relevance of the work is determined by the need to timely update the requirements for professional competencies of a cybersecurity specialist in the context of the development of methods and tools for information warfare and the lack of a theoretical apparatus that allows automating this process. The purpose of this work is to develop models for the automated formation of competencies of a cybersecurity specialist based on a scenario approach, which allow analyzing information about the actions of a cybersecurity violator and, based on this information, determining the current set of professional competencies of a cybersecurity specialist. The task of developing models for the automated formation of competencies of a cybersecurity specialist based on a scenario approach is to develop a model of actions of a cybersecurity violator and an associated model of a countermeasure system that determines the actual set of competencies of a cybersecurity specialist. In contrast to existing expert approaches to determining the professional competence model of a cybersecurity specialist, this paper uses a scenario approach that allows describing scenarios of actions of a cybersecurity violator at a formalized level, integrating the data obtained into the appropriate graph model and forming an activity professional model of a cybersecurity specialist based on optimizing the structure of the system counteraction. The set of developed models for the automated formation of competencies of a cybersecurity specialist based on a scenario approach takes into account many factors of information confrontation, such as: techniques and tactics of cybersecurity offenders, their corresponding methods and tools of counteraction. The proposed approach of structuring the countermeasure system in the form of a set of interrelated modules based on the results of the analysis of attack scenarios, techniques and corresponding tactics used by the violator of cybersecurity allows taking into account the features of attacks that are most often implemented, forming a set of professional actions of a cybersecurity specialist based on the use of appropriate methods and tools to counter these techniques grouped by functional modules. Analysis of the results of the conducted computer experiment showed the operability of the proposed models for the automated formation of competencies of a cybersecurity specialist based on the scenario approach. Read more... Method of two-stage cybersecurity incidents fuzzy clustering for economic entitiesThe work is aimed at improving the efficiency of cybersecurity management (CS) of economic entities (SED) by organizing effective CB monitoring, taking into account such features of its process as the heterogeneity of sources of initial CB monitoring data, their presentation in different data formats, their inaccuracy, and largely uncertainty and noisiness, as well as a large number of KB events processed by heterogeneous components of the ERMS KB monitoring system. In this paper, in contrast to existing methods, a complex two-stage method for fuzzy clustering of SI events is proposed, taking into account the assessment of the criticality of SI events and the functionality of the ES IS monitoring system. At the first stage, the KB event clustering model based on the fuzzy c-means method is used. This model allows splitting the set of CI events into several fuzzy clusters according to the a priori probability that the CI event is an incident. At the second stage, to refine the results of the clustering of SI events obtained at the first stage, the model of clustering of SI incidents based on the method of extracting α-kernels of fuzzy clusters is used. This model allows you to manually select the thresholds for the degree of belonging of SI incidents to fuzzy clusters, taking into account additional information and features of processing SI incidents in the SI monitoring system of a particular EDMS. The paper evaluates the effectiveness of the two-stage method of fuzzy clustering of KB incidents in the EDMS KB monitoring system. The proposed approach makes it possible to increase the efficiency of ERMS CM monitoring and reduce the period of time required to make a decision on the ERMS CM management due to the complex consideration of the features of CM event processing in the ERMS CM monitoring system. Read more... |