Abstract: The dynamic development of IT - the industry, increasing the automation and technicality of business processes, the growth of the number of enterprise companies implementing cloud infrastructure, as well as widespread digitalization, creates a favorable environment for scaling hacker attacks in the field of cybersecurity. At the same time, the vectors of targeted attacks are: social engineering, unskilled users of digital services, the operation of vulnerabilities of basic systems and related infrastructure. Issues of timely response, localization and detection of cyber-incidents were urgent, requiring time and financial costs. To minimize the risk of loss of critical assets of the company, it is necessary to build effective organizational and technical measures, continuous adaptation to the threat landscape and changes in the protection object. Measures to prevent intrusions into the protected system directly depend on the accuracy of identifying vulnerabilities, the introduction of new monitoring and countermeasures. The present study discusses a method for assessing the security of cyberphysical systems based on an oriented attack graph. The authors propose an algorithm for determining sequences of vertices, finding the maximum number of transitions and identifying possible connections between them. Security metrics and attack vectors are described, five groups of hazard categories for new and existing vulnerabilities are defined in accordance with the current version of CVSS 3.1. The risk of potential loss of information assets in case of fatal threats to information security was assessed. Special attention is paid to improvement of systems of monitoring and detection of intrusions into protected objects of informatization.
Index terms: intrusion graph, information security, cybersecurity, cybersystem, critical asset, vulnerability assessment.

Contacts

Russia, 659305, Altai region, Biysk,
Trofimova Street, 27, room 404B
Tel. + 7-923-162-93-27
(executive secretary -
Golykh Roman Nikolayevich)
e-mail: info@s-sibsb.ru

The certificate