Used literature
1. GOST R 50922-96 “Information security. Basic terms and
definitions"
2. Streltsov A.A. The content of the concept of "providing information
security” // Information Society No. 4. P.12 2015
3. International scientific journal "Symbol of Science" No. 10/2018 -
[Electronic resource]. – https://os- Uzbekistan.com/sn (accessed
20.04.2020);
4. Dashyan M.S. Information Highway Law – Law of Information
Highways: issues of legal regulation in the field of the Internet. M.:
VoltersKluver,
20171963
-
[Electronic
resource].
-
http://www.telecomlaw.ru/monograph/Dashyan.pdf
(accessed
04/28/2020);
OVERVIEW OF CURRENT THREATS TO INFORMATION SECURITY
ON ENTERPRISE
T.M.Okhunov, K.Z.Muminov
Fergana branch, Tashkent University of Information Technologies named after
Muhammad al-Khorazmi
An array of information that is processed in the information the
telecommunications system of the Tax Service of Uzbekistan provides a
potential ability to identify security threats, which in turn can be caused by
Новые этапы развития альтернативных источников энергии и телекоммуникационных технологий
Международная научно-техническая конференция «Практическое применение технических и
цифровых технологий и их инновационных решений», ТАТУФФ, Фергана, 4 мая 2023 г.
108
phenomena, processes or actions, provoking damage to the Tax Service of
Uzbekistan.
For objects of informatization of the Tax Service, relevant and basic
sources of external anthropogenic threats to information security are:
- technical intelligence of foreign origin, aimed at information containing
state secrets and on the key information infrastructure system above third level;
- attackers who deliberately the impact of a destructive nature on
information resources;
- criminal and terrorist elements;
- contractors performing installation and commissioning works technical
equipment of information systems of the Tax Service;
- suppliers of software and hardware and services.
The main sources of internal anthropogenic threats are:
- employees of the Tax Service acting outside the regulated powers that
carry the deliberate nature of threats;
- employees of the Tax Service acting within the framework of regulated
powers that carry the unintentional nature of threats.
The main man-made sources of threats include adverse man-made events,
including accidents at means of telecommunication infrastructure, on means
engineering communications, equipment failures and failures. For FTS objects,
the actual vulnerabilities are:
- mistakes made in the process of designing objects informatization of tax
authorities
and
telecommunications
infrastructure,
including
physical
deterioration of equipment, relatively short period of time hardware and
software failure;
- insufficient technical strength and insufficient the level of organization
of the system of protection of tax authorities, including violations of the
operation of technical means, such as: life support and energy supply;
Muqobil energiya manbaalari va telekommunikatsiya texnologiyalarini rivojlantirishing yangi bosqichilari
Международная научно-техническая конференция «Практическое применение технических и
цифровых технологий и их инновационных решений», ТАТУФФ, Фергана, 4 мая 2023 г.
109
- features of employees of the moral and physical plan, which may be
prerequisites for criminal or terrorism, which include:
dissatisfaction with position, dissatisfaction with actions leadership, the
psychological incompatibility of some employees, psychosomatic and physical
condition;
- software susceptibility to viruses and malware;
- the possibility of unauthorized modification of software calls, code, use
of the programming environment automated information system;
- vulnerabilities of SIS (information protection systems);
- inappropriate configuration of the software provision with a regulatory
legal framework, including means of information protection, their
uncontrollability changes, undeclared actions of employees when software
equipment management;
- incomplete regulation of the responsibility of interaction in contracts
with contractors;
- discrepancy between the activity and the current state of the object
protection, lack of appropriate control over the execution employees of the Tax
Service of Uzbekistan of the regulations of activities, including installation of
third-party software, violation regulations in the process of information
exchange, destruction industrial waste and information carriers. Based on the
considered sources and vulnerabilities of the Tax Service of Uzbekistan in in a
broader sense, it is possible to form a more specific list threat. The number of
such threats for the Tax Service of Uzbekistan is more than 200 units, therefore,
we will consider the most relevant ones, using the method of identifying threats
described in the previous section, taking into account the possibility and
probability of implementation, relevance, level of initial security of the IT
infrastructure, indicated by the coefficient Y1. degree of initial security is
defined using seven technical and performance indicators of system
characteristics, for each of which have several possible values. From these
Новые этапы развития альтернативных источников энергии и телекоммуникационных технологий
Международная научно-техническая конференция «Практическое применение технических и
цифровых технологий и их инновационных решений», ТАТУФФ, Фергана, 4 мая 2023 г.
110
values, with queue, you must choose one that is more suitable for the rest
operating information system. Selected value equivalent to a certain level of
security: low, medium or tall. Table 2 presents the threats with the highest-level
relevance and high level of possible implementation.
|
