III bob bo’yicha xulosa
Ushbu bobda:
1. korxona tizimi uchun axborot xavfsizligi riskini baholash modeli keltirilgan bo’lib, uni tashkil etish va foydalanish uchu zarur barcha ta’riflar keltirib berilgan.
2. korxona axborot tizimining axborot xavfsizligi risklarini baholash algoritmining bosqichlari batafsil yoritilgan.
3. Bayes ehtimollik yondashuvi asosida korxona axborot tizimining axborot xavfsizligi risklarini baholash algoritminining amalga oshirish ketma-ketligi hamda uni optimallashtirish usuli ham berilgan bo’lib, uni uni korxona tarmoqlarida qo’llash orqali tarmoqqqa bo’ladigan risklar tabiatini o’rganish va qarshi chora-tadbirlar aniqlash maqsadga muvofiq bo’ladi.
XULOSA
Ushbu tadqiqod ishini va undagi vazifalarni bajarishda quyidagi xulosalarga kelindi:
1. Kompyuter tarmoqlarida axborot xavfsizligini ta’minlash duch kelinadigan muammolar, tarmoqlarga bo’ladigan tahdidlar va hujumlar turlari juda ham ko’p bo’lib, ushbu tahdidlar va hujumlarning manbalari va xususiyatlari aniqlash hujumlardan himoyalanish choralarini aniq belgilab olishga imkon beradi.
2. Lokal tarmoqlarda axborot himoyasini ta’minlash usullari va vositalarining birini qo’llash orqali to’liq himoyani ta’minlab bo’lmaydi. Shuning uchun ularni kombinatsiyalangan holda ishlatish maqsadga muvofiq.
3. Risk, uning mohiyati va konseptual tahlili amalga oshirilib, risklarni boshqarish va ularni baholash hujumlardan himoyalanish darajasini oshirishi aniqlandi. Shu bilan birga, mavjud risklarni baholash usullari, ularning xususiyatlari tahlili keltirib o’tilgan.
4. Bayes ehtimollik yondashuvi asosida korxona axborot tizimining axborot xavfsizligi risklarini baholash algoritminining amalga oshirish ketma-ketligi hamda uni optimallashtirish usuli ham berilgan bo’lib, uni uni korxona tarmoqlarida qo’llash orqali tarmoqqqa bo’ladigan risklar tabiatini o’rganish va qarshi chora-tadbirlar aniqlash maqsadga muvofiq bo’ladi.
FOYDALANILGAN ADABIYOTLAR RO’YHATI
“2022 – 2026 - yillarga mo‘ljallangan Yangi O‘zbekistonning taraqqiyot strategiyasi to‘g‘risida” 28.01.2022 yildagi PF-60 sonli O‘zbekiston Respublikasi Prezidentining farmoni.
Axborot-Kommunikatsiya texnologiyalari sohasida loyiha boshqaruvi tizimini yanada takomillashtirish chora-tadbirlari to‘g‘risida O‘zbekiston Respublikasi Prezidentining 29.08.2017. PQ-3245-son qarori.
S.K. Ganiyev, M.M. Karimov, K.A. Tashev. Axborot xavfsizligi. – T.: “Fan va texnologiya”, 2017.
S.K. Ganiyev, A.A. Ganiyev, Z.T. Xudayqulov. Kiberxavfsizlik asoslari: O‘quv qo‘llanma. – T.: “Iqtisodiyot-Moliya”, 2021.
Макаренко С. И. Аудит информационной безопасности: основные этапы, концептуальные основы, классификация мероприятий. Системы управления, связи и безопасности. 2018;(1):1–29.
Mahfuth A., Bakar A. A., Yussof S., Ali N. A systematic literature review: Information security culture. In: 2017 International Conference on Research and Innovation in Information Systems (ICRIIS). DOI: 10.1109/ ICRIIS.2017.8002442
И.М. Ажмухамедов, О.Н. Выборнова, Ю.М. Брумштейн. Управление рисками информационной безопасности в условиях неопределенности. Проблемы информационной безопасности. Компьютерные системы. – 2016. – Т. 1. – С. 7-14.
И.М. Ажмухамедов, О.Н. Выборнова. Формализация понятий приемлемого и толерантного риска. Инженерный вестник Дона. – 2015. – Т. 37. – № 3. – С. 63.
Астахов А. Актуальные вопросы выявления сетевых атак URL:http://www.infosecurity.ru/030211/article07.html#art6. (дата обращения 21.12.2021)
Брумштейн, Ю.М. Анализ некоторых моделей группового управления рисками / Ю.М. Брумштейн, О.Н. Выборнова // Прикаспийский журнал: управление и высокие технологии. – 2015. – № 4 (32). – С. 64-72.
Выборнова О.Н. Онтологическая модель процесса оценки рисков. Вестник Астраханского государственного технического университета. Серия: Управление, вычислительная техника и информатика. – 2015. – № 2. – С. 97102.
О.Ю. Губарева, О.В. Осипов, А.О. Почепцов, В.В. Пугин. Средства анализа сетевого трафика в инфокоммуникационных сетях. XXIV Российской научно-технической конференции профессорско-преподавательского состава, научных сотрудников и аспирантов: тезисы докладов – Самара, 2017. – С. 111.
P. Shamala, R. Ahmad, A. Zolait and M. Sedek, "Integrating information quality dimensions into information security risk management (ISRM)", Journal of Information Security and Applications, vol. 36, pp. 1-10, 2017. Available: 10.1016/j.jisa.2017.07.004.
A. Gupta, "Strategic Dimensions of Information Security Risk Management", Journal of Business Management and Information Systems, vol. 6, no. 2, pp. 1-9, 2019. Available: 10.48001/jbmis.2019.0602001.
Yevseiev, Serhii & Shmatko, Oleksandr & Romashchenko, Nataliia. (2019). Algorithm of information security risk assessment based on fuzzy-multiple approach. Advanced Information Systems. 3. 73-79. 10.20998/2522-9052.2019.2.13.
Wang Meng*, Zhou Shiyuan and Dong Zhankui. A Support Subset Algorithm and Its Application to Information Security Risk Assessment. Recent Patents on Engineering. Volume 11, Issue 3, 2017. Page: [188 - 193]. DOI: 10.2174/1872212111666170221164622.
Olga Vybornova and Igor Pidchenko and Iskandar Azhmukhamedov. Information Security Risk Assessment Methodology and Software “Rubikon”. Proceedings of the 21st International Workshop on Computer Science and Information Technologies (CSIT 2019). 2019/12. Pp - 230-235.
Abhishek Sharma, Umesh Kumar Singh. Modelling of Smart Risk Assessment Approach for Cloud Computing Environment using AI & supervised machine-learning algorithms. Global Transitions Proceedings. 2022. ISSN 2666-285X, https://doi.org/10.1016/j.gltp.2022.03.030.
Olusola Akinrolabu, Jason R.C. Nurse, Andrew Martin, Steve New. Cyber risk assessment in cloud provider environments: Current models and future needs. Computers & Security. Volume 87. 2019. 101600. ISSN 0167-4048. https://doi.org/10.1016/j.cose.2019.101600.
Max van Haastrecht, Injy Sarhan, Alireza Shojaifar, Louis Baumgartner, Wissam Mallouli, and Marco Spruit. 2021. A Threat-Based Cybersecurity Risk Assessment Approach Addressing SME Needs. In The 16th International Conference on Availability, Reliability and Security (ARES 2021), August 17–20, 2021, Vienna, Austria. ACM, New York, NY, USA 12 Pages. https://doi.org/10.1145/3465481.3469199
Q. Hong et al., "An information security risk assessment algorithm based on risk propagation in energy internet," 2017 IEEE Conference on Energy Internet and Energy System Integration (EI2), 2017, pp. 1-6, doi: 10.1109/EI2.2017.8245703.
G. Erdogan, A. Gonzalez, A. Refsdal and F. Seehusen, "A Method for Developing Algorithms for Assessing Cyber-Risk Cost," 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2017, pp. 192-199, doi: 10.1109/QRS.2017.29.
Shameli-Sendi, A., Aghababaei-Barzegar, R. & Cheriet, M., Taxonomy of information security risk assessment (isra). Computers & Security, 57, pp. 14–30, 2016.http://dx.doi.org/10.1016/j.cose.2015.11.001.
https://web.snauka.ru/issues/2012/11/18524
https://www.geeksforgeeks.org/risk-management-for-information-security-set-1/
"Information Security Risk Assessment- 7-Step Guide - CISO Portal", CISO Portal, 2022. [Online]. Available: https://www.ciso-portal.com/information-security-risk-assessment-7-step-guide/. [Accessed: 07- Jun- 2022].
"Performing an Information Security and Privacy Risk Assessment| Industry News | ISACA", ISACA, 2022. [Online]. Available: https://www.isaca.org/resources/news-and-trends/industry-news/2022/performing-an-information-security-and-privacy-risk-assessment. [Accessed: 07- Jun- 2022].
https://finacademy.net/materials/article/metody-upravleniya-riskami
https://safe-surf.ru/specialists/article/5193/587932/
Do'stlaringiz bilan baham: |