Международная научно-техническая конференция «Практическое применение технических и цифровых технологий и их инновационных решений», татуфф, Фергана, 4 мая 2023 г

Muqobil energiya manbaalari va telekommunikatsiya texnologiyalarini rivojlantirishing yangi bosqichilari 
Международная научно-техническая конференция «Практическое применение технических и 
цифровых технологий и их инновационных решений», ТАТУФФ, Фергана, 4 мая 2023 г. 
105
METHODS FOR IDENTIFYING CURRENT THREATS TO 
INFORMATION SECURITY AT THE ENTERPRISE. 
T.M.Okhunov
Deputy dean for work with youth, "Software engineering and digital economy", 
Fergana branch, Tashkent University of Information Technologies named after 
Muhammad al-Khorazmi 
K.Z.Muminov 
Master's degree The Ferghana Branch Tashkent university of information 
technologies named Mukhammad al-Horazmy 
The concept of information security management defines system of 
provisions in the problems of regulation and coordination information security 
management in the tax service, as well as in the interaction of tax authorities 
with the public authorities and in the process of providing services.
Information security management process in the tax service of the 
Uzbekistan is regulated by a variety of legal and regulatory documents 
representing a complex hierarchical system organizational and administrative 
documents.
Information security management system concept defines ways to achieve 
the required level of management information security in the course of the 
activities of the Tax Service of Uzbekistan. The purpose of identifying 
information security threats is determination of the possibility of violation of the 
basic properties of information in work process. The process of identifying and 
defining threats to information security should be regular and systematic, and 
should be carried out not only at the stage of creating a system information 
security, but also at the operational stage. Necessary establish a process of 
timely detection and neutralization of threats information security, which could 
prevent possible damage. 
1. Expert method. 
Assessment of possible security threats is carried out by formation of an 
expert group that analyzes vulnerabilities. Thanks to the qualitative formation of 
an expert group, it is possible to reduce the level of subjectivity in assessing 
threats. Composition of the expert group is formed in accordance with the 

Новые этапы развития альтернативных источников энергии и телекоммуникационных технологий
Международная научно-техническая конференция «Практическое применение технических и 
цифровых технологий и их инновационных решений», ТАТУФФ, Фергана, 4 мая 2023 г. 
106
questions posed in the field information security and cannot be less than three 
humans. Also, this method is characterized by low material costs, because the 
experts involved are employees of the service. Despite the advantages of this 
method, this method can be attributed also a number of significant 
shortcomings. First of all, it is human factor that implies a certain level of 
subjectivity that may lead to overestimation or underestimation of forecasts by 
experts and assumptions in the process of identifying threats to information 
security. It should be noted that the composition of the expert group cannot 
make up employees who are directly subordinate, since this may increase the 
likelihood of a dependent estimate. Also, experts should not have a personal, 
commercial or other interest in deciding that is also difficult to define.
2. Systematic method. 
A systematic method for identifying threats to information security 
involves a continuous process aimed at identification and definition of threats, 
subsequent identification of the source threats and assessment of possible 
damage in the event of a threat. On regular review and reassessment of threats to 
information security. Providing automated monitoring can carried out both by 
the management of the tax authorities and specialized department for 
information security. Monitoring and control of personnel actions also applies to 
systematic method of identifying threats. Attempted unauthorized access of an 
employee of one level or another to confidential information will be recorded in 
the system of the Republic Information Resource, after which the process of 
identifying this violation will follow. 
During the operation of the information system, the corresponding the 
employee has the ability to change its basic configuration in such a way in a 
manner to ensure reprioritization of significance processed information in 
accordance with the emergence of new threats or new legal requirements. Need 
for reassessment information security threats also appear in cases of change the 
composition of the main components of the information system that could 
provoke the emergence of new vulnerabilities, new information about possible 
offenders and identifying vulnerabilities. 

Muqobil energiya manbaalari va telekommunikatsiya texnologiyalarini rivojlantirishing yangi bosqichilari 
Международная научно-техническая конференция «Практическое применение технических и 
цифровых технологий и их инновационных решений», ТАТУФФ, Фергана, 4 мая 2023 г. 
107
Information security threat identification process involves systematic 
identification of sources of threats, assessment opportunities and, based on this, 
the identification of current threats information security. To identify threats 
information security in the information system of the Tax Service is necessary 
identify the following criteria: 
- type and potential of violators who can carry out information security 
threat; 
- ways to implement threats; 
- Vulnerabilities that can be exploited to violations, including program 
bookmarks; 
- objects of influence to which the threat is directed. 
- consequences of the implementation of threats to information security. 

Download 6,64 Mb.