Кафедра безпеки інформаційних технологій (БІТ)
Постійний URI для цієї колекції
Перегляд
Перегляд Кафедра безпеки інформаційних технологій (БІТ) за темою "CVSS"
Зараз показано 1 - 2 з 2
Результатів на сторінку
Варіанти сортування
Публікація Використання системи cvss для відображення впливу вразливостей на ФПБ(ХНУРЕ, 2020) Поддубний, В. О.The purpose of this work is to propose a model of the relationship between vulnerabilities and security services implemented in the information and telecommunications system. Such a model would allow to evaluate the impact of each of the vulnerable situations on each of the security services implemented in the information and telecommunication systems with a comprehensive information security system. This is model is needed to assess the risks to existing systems and to mitigate the transition to international standards. Alternatively, it is suggested to use an existing Common Vulnerability Scoring System model, which is quite сommon. The works presents the advantages this system and usability for security task. In the work are considered basic principles of system operation. In conclusion, CVSS is a fairly flexible widespread system and suitable for further work.Публікація Вплив вразливостей на функціональні послуги безпеки КСЗІ(ХНУРЕ, 2019) Поддубний, В. О.; Заболотний, В. І.; Бойко, А. О.While creating IT system, it is not impossible to make mistakes, sometimes they can be almost useless, but some of them can be used to attack the software or the system. An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware. Such behavior frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of-service (DoS or related DDoS) attack. Nowadays there are several standards of information security management, such as ISO ISO/IEC 27000 series standards. The purpose of this work is to offer a model of the relationship between vulnerabilities and security services implemented in information and telecommunication systems. Such a system would allow assessing the impact of each of the vulnerabilities on each of the security services implemented in information and telecommunication systems with a comprehensive information security system. Such a model is needed to assess the risks to existing systems and to mitigate the transition to international standards.