ERP-SYSTEM RISK ASSESSMENT METHODS AND MODELS
DOI:
https://doi.org/10.15588/1607-3274-2020-4-15
Keywords:
Information security, fuzzy logic, risk assessment, security, ERP-system.
Abstract
Context. Because assessing information security risks is a complex process full of uncertainty, and uncertainty is a major factor influencing the effectiveness of the assessment, it is advisable to use fuzzy methods and models that are adaptive to non-computed data. The formation of fuzzy assessments of risk factors is subjective, and risk assessment depends on the practical results obtained while processing the risks of threats that have already arisen during the functioning of the organization, and on the experience of information security professionals.
Objective. The object of the study is neural models that combine methods of fuzzy logic with artificial neural networks and systems, that is, the human-like reasoning style of fuzzy systems with the training and simulation of mental phenomena of neural networks.
Method. The paper analyzes modern areas of research in the field of information protection in information systems, methods and technologies of information security risk assessment, and the use of fuzzy models to solve problems of information security risk assessment. It also covers the concept and construction of ERP systems and analyzes the problems of their security and vulnerability.
Results. The identified factors influencing risk assessment suggest using linguistic variables to describe them and fuzzy variables to assess their qualities, as well as a system of qualitative assessments. The choice of parameters for developing the structure of a fuzzy product model of risk assessment and the base of rules of fuzzy logical conclusion is justified.
Conclusions. A fuzzy risk assessment model of ERP systems is considered. A list of factors that affect information security risk has been selected. The paper considers methods for assessing the risks of information resources and of ERP-systems in general, assessing financial losses from the implementation of threats, and determining the type of risk according to its assessment in order to form recommendations for processing it and so maintain the level of protection of the ERP-system. The list of linguistic variable models is considered. The structure of the database of fuzzy product rules – MISO-structure – is selected. Fuzzy variable models are considered.
License
Copyright (c) 2020 A. D. Kozhukhivskyi, O. A. Kozhukhivska
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.