Сообщение

A Methodological Approach to Determining the Reliability of the Executor of the Computer Incident Response Plan at Significant Facilities of Critical Information Infrastructure

 
 orcid Valery Komarov

Moscow Research Institute of Healthcare Organization and Medical Management of the Moscow Health Department,
Moscow, 115088, Russian Federation

DOI 10.31854/2307-1303-2025-13-4-15-30

EDN TTTFWO

 Full text

XML JATS

Abstract

The purpose of the study is to determine the reliability of an employee of a critical information infrastructure entity involved in implementing measures to respond to computer incidents and eliminate the consequences of computer attacks on significant objects of the specified infrastructure, as well as to assess the feasibility of using this parameter to characterize the employee in decision support systems. As part of the solution to the problem of assigning responsible employees to implement measures to respond to computer incidents and eliminate the consequences of computer attacks, a methodological approach has been proposed to determine the reliability of the employee responsible for implementing the computer incident response plan. Practical experimental studies have been conducted to assess the effectiveness of the actions of employees of critical information infrastructure entities with different qualifications and skills. As a result of the study, an approach is proposed to calculate the main indicators of the performer's qualifications and skills, as well as to use the obtained indicators when solving the task of assigning performers (the assignment problem), which will reduce the time required to respond to a computer incident and eliminate the consequences of a computer attack. The obtained results allow for the reasonable formation of requirements for the qualifications and skills of personnel in the security forces of significant critical information infrastructure facilities and ensure the interchangeability of performers. The practical significance lies in solving the problem of optimal distribution (assignment) of an executor, taking into account their qualifications and skills, when responding to computer incidents and eliminating the consequences of computer attacks.

Keywords

critical information infrastructure, object of critical information infrastructure, computer incident, model, computer attack

Reference for citation

Komarov V. A Methodological Approach to Determining the Reliability of the Executor of the Computer Incident Response Plan at Significant Facilities of Critical Information Infrastructure // Telecom IT. 2025. Vol. 13. Iss. 4. PP. 15‒30 (in Russian). DOI: 10.31854/2307-1303-2025-13-4-15-30. EDN: TTTFWO
References

1. Talashmanova K. A. To the Problem of Understanding the Professional Reliability of a Subject // Chelovecheskij Kapital. 2020. Iss. № 3 (135). PP. 239-245. (in Russian) DOI: 10.25629/HC.2020.03.28. EDN: TQLYSF

2. Tabakaeva V. A., Karmanov I. N., An V. R. Features of Intelligent Information Security Management Systems for Critical Information Infrastructure Objects // Interexpo Geo-Siberia. 2020. Vol. 6. Iss. 2. PP. 99-104. (in Russian) DOI: 10.33764/2618-981X-2020-6-2-99-104. EDN: AVQHQD

3. Vasiliev N. P., Skvortsov R. R. Using a Decision-Making System to Ensure Information Security // Current Research. 2023. Iss. 24-1 (154). PP. 43-49. (in Russian) EDN: DHBWDY

4. Fisun V. V. Expert System for Support and Decision-Making on the Management of Information Security of Objects of Critical Information Infrastructure // Globus: Technical Sciences. 2022. Vol. 8. Iss. 1 (42). PP. 17-21. (in Russian) DOI: 10.52013/2713-3079-42-1-4. EDN: IZALNY

5. Khranilov V. P., Burago P. N. Mathematical Support of a Decision Support System for Information Security Risk Management Purposes // Mathematical Methods in Technologies and Technics. 2024. Iss. 6. PP. 107-110. (in Russian) EDN: DZQSPY

6. Goldobina A. S., Isaeva Ju. A., Selifanov V. V., Klimova A. M., Zenkin P. S. Building an Adaptive Three-Tier Model of Management Processes for the Information Security System of Critical Information Infrastructure Objects // Proceedings of the TUSUR University. 2018. Vol. 21. Iss. 4. PP. 51-58. (in Russian) DOI: 10.21293/1818-0442-2018-21-4-51-58. EDN: YYSUPZ

7. Medvedev D., Matveev A. Algorithms for Intelligent Support of Management Decisions in Case of Threats from Forest Fires // Scientific and Analytical Journal "Vestnik Saint-Petersburg University of State Fire Service of Emercom of Russia". 2025. № 2. PP. 35-48. (in Russian) DOI: 10.61260/2218-13Х-2025-2-35-48. EDN: OKGHLE

8. Mikidenko N. L., Storozheva S. P., Strukova E. G. Staff Assistance of Educational Programs in the Sphere of Information Security: Design and Development Problems // Vestnik SibGUTI. 2022. Iss. 3 (59). PP. 84-100. (in Russian) DOI: 10.55648/1998-6920-2022-16-3-84-100. EDN: INPJMX

9. Akhmedzhanov F. M., Krymsky V. G. HEART Algorithm for Assessment of Human Operator Reliability Based on Modified Heart Methodology // Electrical Engineering and Information Complexes and Systems. 2019. Vol. 15. Iss. 1. PP. 60-69. (in Russian) DOI: 10.17122/1999-5458-2019-15-1-60-69. EDN: PNGLWR

10. Berberova M., Chuenko V., Zolotarev O., Andreev V., Karpushin E., et al. Assessment of Personnel Actions in the Most Dangerous Accidents. Development of a NPP Safety Monitoring Program // Automation and Modeling in Design and Management. 2020. Iss. 2 (8). PP. 42-49. (in Russian) DOI: 10.30987/2658-6436-2020-2-42-49. EDN: SIBZER

11. Kondratyev A. Yu., Kovalenko O. V., Usov A. V., Eroshkina I. V. Methodological Approach for Assessing the Risks of Erroneous Actions of Personnel Structural Divisions of the Ministry of Defense of the Russian Federation, Operating Nuclear and Radiation Hazardous Facilities // Defense Technology Issues. Series 16: Technical Means of Countering Terrorism. 2022. Iss. 7-8 (169-170). PP. 3-11. (in Russian) EDN: OFZQAH

12. Kovalkovskaya N. O., Kuleshov V. V., Serdyuk V. S., Bakiko E. V. Human Factor Parameters Influence Scaling on Professional Risk Level at Engineering Facilities // Omsk Scientific Bulletin. 2020. Iss. 6 (174). PP. 15-21. (in Russian) DOI: 10.25206/1813-8225-2020-174-15-21. EDN: GYSRHG

13. Speranskiy D. About Search of Optimal Paths in Fuzzy Graphs // Automation in Transport. 2022. Vol. 8. Iss. 4. PP. 418-426. (in Russian) DOI: 10.20295/2412-9186-2022-8-04-418-426. EDN: DEACCM

14. Bolshakov A. S., Zhila A. I., Osin A. V. Fuzzy Logic Data Protection Management // High Technologies in Earth Space Research. 2021. Vol. 13. Iss. 4. PP. 37-47. (in Russian) DOI: 10.36724/2409-5419-2021-13-4-37-47. EDN: AGYPHZ

15. Ryabova V. A. Fuzzy Model of Enterprise Information Security Threats // Proceedings of the All-Russian Scientific and Practical Conference of Young Scientists, Postgraduates and Students, Dedicated to the Decade of Science and Technology in the Russian Federation "Youth Science ‒ 2023: Technologies and Innovations" (April 10-14, 2023, Perm). Perm, 2023. PP. 103-106. EDN: KGHWKN (in Russian)

16. Carlos Eduardo Rodriguez. Evaluating the impact of human factors on aircraft maintenance errors: A risk-based analysis framework for business aviation. World Journal of Advanced Engineering Technology and Sciences, 2024, 13(02), 764-777. DOI: https://doi.org/10.30574/wjaets.2024.13.2.0647.

17. Zarei E., Khan F., Abbassi R. Importance of Human Reliability in Process Operation: A Critical Analysis // Reliability Engineering & System Safety. 2021. Vol. 211. P. 107607. DOI: 10.1016/j.ress.2021.107607. EDN: EWNXCL

18. Goncharova N. Method for Determining Dynamic Priorities of Cargo Operations for Optimizing the Use of Self-Propelled Units in Railway Industrial Transport and Technological Systems // Automation in Transport. 2023. Vol. 9. Iss. 3. PP. 274-282. (in Russian) DOI: 10.20295/2412-9186-2023-9-03-274-282. EDN: DIKMUC

19. Zhuravlev N. M. Decision-Making Algorithm for a Firefighting Command Officer under Uncertainty // Innovative Research as a Locomotive for the Development of Modern Science: From Theoretical Paradigms to Practice: Electronic Collection of Scientific Articles Based on the XIII International Scientific and Practical Conference Materials (October 12, 2019, Moscow). Moscow: MISI University Publ., 2019. PP. 193-196. (in Russian)

20. Zhuravlev N. M. Support Decision-Making of Head of Fire Extinguishing Based on System-Dynamic Models Frontal Fire Fighting // Proceedings of the IV All-Russian Scientific and Practical Conference on Priority Areas for the Development of Russian Science (July 14, 2020, St. Petersburg). St. Petersburg, 2020. PP. 17-21. (in Russian) EDN: VXJJDZ

21. Krymsky V., Akhmedzanov F. Application of Interval Models of Uncertainties to Assessing Human Operator Reliability by SLIM Method // Electrical Engineering and Information Complexes and Systems. 2022. Vol. 18. Iss. 2. PP. 128-138. (in Russian) DOI: 10.17122/1999-5458-2022-18-2-128-138. EDN: IHMGQL

 

cc-by This article is distributed under a license Creative Commons Attribution 4.0 License.

cc0  The metadata of the article is distributed under a license CC0 1.0 Universal


 

Modeling the Interface of an Information System and Instructions for Working with It, Taking into Account the Deviation of User Behavior

 
 orcid Grigory Moiseenko

Ministry of Defense of the Russian Federation,
Moscow, 119160, Russian Federation

DOI 10.31854/2307-1303-2025-13-4-1-14

EDN SFRRWR

 Full text

XML JATS

Abstract

Problem statement. Unintentional violations by a user of instructions for working with an information system, leading to information security threats (unintentional insider incidents), are a serious issue in the field of information security. The main cause of such violations is that, due to a certain psycho-emotional state of the user, a deviation in behavior occurs, and the user may make mistakes both in choosing and in working with system interface elements: for example, entering confidential data into "open" fields. The aim of this work is to describe a software tool for modeling, developed based on the author's system interface model and instructions. Research methods: computer modeling, software engineering, experiment. The result: in addition to the very fact of creating a software tool, its operability has been proven in terms of modeling the interface in an information system and instructions for working with it, as well as the visibility of the resulting graphical representation. The practical significance lies in the fact that this tool allows you to implement a method to counteract the deviation of user behavior by solving the optimization problem of clarifying instructions in terms of the specification of the description of interface elements; at the same time, this task is multi-criteria, since increasing the content of instructions leads to the opposite effect – complicating its perception by humans.

Keywords

unintentional insider, behavior deviation, modeling, software tool, experiment

Reference for citation

Moiseenko G. Modeling the Interface of an Information System and Instructions for Working with It, Taking into Account the Deviation of User Behavior // Telecom IT. 2025. Vol. 13. Iss. 4. PP. 1‒14 (in Russian). DOI: 10.31854/2307-1303-2025-13-4-1-14. EDN: SFRRWR
References

1. Buinevich M., Moiseenko G. Threat to information resources security by violating the rules of work with the information system // Proceedings of the St. Petersburg International Conference and the St. Petersburg Interregional Conference "Regional Informatics and Information Security" (Saint Petersburg, October 23–25, 2024). St. Petersburg, 2024. PP. 78–79. EDN: JRRYNA

2. Kovtunovich M. G., Markachev K. E. Information stress // Psychological Science and Education. 2008. Vol. 13. Iss. 5. PP. 83–91. EDN: JXDPBX

3. Moiseenko G. Review of methods of formalizing job descriptions (according to domestic research) // National Security and Strategic Planning. 2024. Iss. 4 (48). PP. 35–42. DOI: 10.37468/2307-1400-2024-4-35-42. EDN: EVKBGL

4. Buinevich M. V., Moiseenko G. Yu. The instructions "resistant" increasing as a way to counter unintentional insiding // Voprosy Kiberbezopasnosti. 2024. Iss. 6 (64). PP. 108–116. DOI: 10.21681/2311-3456-2024-6-108-116. EDN: HRNCWF

5. Tsaregorodtsev A. V., Romanovskiy S. V., Volkov S. D., Samoylov V. E. Digital products' information security risk management in the organization financial ecosystem // Modeling, Optimization and Information Technology. 2020. Vol. 8. Iss 4 (31). DOI: 10.26102/2310-6018/2020.31.4.038. EDN: SKZBBF

6. Kurta P. A. Interaction of the user with the information system. Part 1. Scheme of interaction and classification of disadvantages // News of ETU. 2020. Iss. 8–9. PP. 35–45. EDN: VLVMXL

7. Abdullin T. I., Baev V. D., Buinevich M. V., Burzunov D. D., Vasilieva I. N., et al. Digital Technologies and Information Security Issues. St. Petersburg: Saint Petersburg State Economic University Publ., 2021. 163 p. EDN: NXZPBQ

8. Buynevich M. V., Izrailov K. E. Author's metric for assessing proximity of programs: application for vulnerability search using genetic de-evolution // Software & Systems. Vol. 38. Iss. 1. PP. 89–99. DOI: 10.15827/0236-235X.149.089-099. EDN: RAPDHK

9. Vostryh A. Algorithm for assessing the efficiency of visual aesthetics of interfaces of specialized software products used by emergency services // National Security and Strategic Planning. 2024. Iss. 3 (47). PP. 77–89. DOI: 10.37468/2307-1400-2024-3-77-89. EDN: BEEHGJ

10. Danilova M. V., Mollon J. D. Color discrimination and color categories // Experimental Psychology (Russia). 2010. Vol. 3. Iss. 3. PP. 39–56. EDN: MWKCAD

11. Buinevich M., Moiseenko G. Combining of heterogeneous destructive impact on the information system and countering attacks (on Example by Insider Activity and DDoS-attack) // Telecom IT. 2023. Vol. 11. Iss. 3. PP. 27‒36. (in Russian) DOI: 10.31854/2307-1303-2023-11-3-27-36. EDN: LWQWNX

 

cc-by This article is distributed under a license Creative Commons Attribution 4.0 License.

cc0  The metadata of the article is distributed under a license CC0 1.0 Universal


 
 
войти

Авторизация