A TECHNIQUE FOR EVALUATION OF INFORMATION PROTECTION LEVEL (Continuation 3)
Note that this algorithm is applicable under those operating conditions in which threats are realized on the system's elements in time, i.e. for threats to the confidentiality and integrity of information, at the moment the information is being processed in the given elements, and for threats of denial of access to the information, either before the information is processed in the elements or at the moment of processing.
3.3.2 Formation of threat models taking into account the rational distribution of threat implementation means across system elements
To evaluate information security in an IT system, it is necessary to consider its various modes of operation, usage scenarios, and variants of system construction. For different uses of different construction variants, the threat models will also differ. Clearly, in such cases the characteristics of the system's elements can change, as can the system's purposes, its topology, the connections between elements, and even its architecture. Consequently, the rational assignment of the threat implementation means available to the threat agent across the system's elements will vary. In the previous item, 3.3.1, we considered the rational distribution of means for a given mode of system operation. For that case, this rational distribution can itself be said to be the threat model. However, a threat model can be formed for various combinations of modes of operation, usage scenarios, and variants of system construction. Because we form threat models using a rational algorithm, we can speak of the degree of importance of one threat or another for a given application of the system. Thus, in the protection structure for a given system we can take into account the threats that are significant for the system and substantiate them. We can likewise substantiate the sufficiency of the threat agent's expenditure for inflicting the maximum damage on the system. This in turn lets us speak, in protection structures for systems, of a maximum level of threats and, more generally, of threat levels for certain classes of systems. Using the estimated levels presented in subsection 5.3, “The risk assessment”, and having calculated the value of function (184.108.40.206) after the rational distribution of means, it is possible to determine whether information with the given level of importance A(td) can be processed in the system.
If, at the given level of threats, we have determined that information with the given level of importance cannot be processed, then by imposing additional restrictions, assumptions and requirements on the system, including a requirement to implement various formal models of information protection in the system, we can make it possible to process information with the given level of importance A(td) in the system. To find the level at which the given information can be processed in the system, each time a set of additional requirements is introduced we should evaluate whether the given level is achieved, using the algorithm presented in general form in this item. This algorithm will be presented in more detail in the following subsection, 3.4.
To form threat models correctly, we must also take into account the time dynamics of the distribution of threat implementation means across system elements. In other words, we should consider the problem of the rational distribution of means over time for the system. Let us construct algorithm (220.127.116.11.1) so that it takes into account the time factor for the importance of the information in the system, for the time the information takes to pass through a given element of the system, and for the possibility of realizing a given threat at a given time. In this way we can construct a model of the IT system's functioning under conditions as close as possible to real ones.
18.104.22.168 Algorithm of rational distribution of threat implementation means across system elements in the dynamics of its functioning
Last updated (15.07.2014)