Model of the Protected Information Infrastructure for Assessing the Level of Information Security

Model of the Protected Information Infrastructure for Assessing the Level of Information Security

연구 분야: Safety

학회: 2025 International Russian Smart Industry Conference (SmartIndustryCon)

As the number of information infrastructure objects and security measures increases, the likelihood of incorrect security level assessment also rises, leading to a higher risk of successful cyberattacks. The key challenges affecting assessment accuracy include data fragmentation across different security monitoring systems, data inconsistency or loss during integration, and difficulties in aggregating heterogeneous data over time. This paper proposes an ontological approach to modeling the protected information infrastructure, providing a formalized and structured description of internal security indicators. The developed ontology enables the representation of infrastructure components, their interrelations, security measures, and associated evidence and artifacts, such as vulnerability reports and event logs. The use of a knowledge graph allows for semantic analysis, identification of security control gaps, and risk assessment of vulnerabilities affecting critical components.