Персона:
Милославская, Наталья Георгиевна

Организационные подразделения

Организационная единица

Институт интеллектуальных кибернетических систем

Цель ИИКС и стратегия развития - это подготовка кадров, способных противостоять современным угрозам и вызовам, обладающих знаниями и компетенциями в области кибернетики, информационной и финансовой безопасности для решения задач разработки базового программного обеспечения, повышения защищенности критически важных информационных систем и противодействия отмыванию денег, полученных преступным путем, и финансированию терроризма.

Фамилия

Милославская

Имя

Наталья Георгиевна

Полная страница элемента

Результаты поиска

Теперь показываю 1 - 10 из 35

Только метаданные
On the assessment of compliance with the requirements of regulatory documents to ensure information security
(2020) Tolstaya, S.; Miloslavskaya, N.; Милославская, Наталья Георгиевна
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2020.Examples of different types of assessments are all around us, providing our assurance that the goods we use won’t harm us, that the system components will work correctly, that services are being delivered consistently, that manufacturers are effectively managing the impact of their activities on health, safety, and the environment, etc. One of the essential forms of assessment is a compliance assessment designed to check how the requirements of regulatory documents to ensure information security (IS) are fulfilled or not on the assessment object, for example, a product, process, system, or service. This short paper discusses work-in-progress results as a part of research aimed at determining the ways of possible improvement, unification and greater formalization of an objective assessment of compliance with the mandatory requirements of regulatory documents on ensuring IS for the selected assessment objects based on the development of recommendations for applying a risk-based approach.
Только метаданные
IoTBlockSIEM for information security incident management in the internet of things ecosystem
(2020) Miloslavskaya, N.; Tolstoy, A.; Милославская, Наталья Георгиевна; Толстой, Александр Иванович
The Internet unfolded enormous opportunities to the modern computing world where not only humans but also computers and machines, as well as any tiny sensing devices, can communicate and collaborate. The Internet of Things (IoT) is still a new concept in its early stages after 20 years of successful usage in various application domains. Nowadays, the "Internet of Things Ecosystem" term is being used more often that emphasizes its complex internal structure and functionality. Based on the available standards on the IoT's generalized architecture and reference model, the IoT ecosystem is presented as a security object to be protected. Numerous security controls, collecting raw data for complex and multi-stage processing and further detection of events related to information security (IS), are located on its layers. The IS incident management process with different routine actions for the IoT ecosystems needs automation, for which Security Information and Event Management (SIEM) systems are the best applicable solutions. But modern challenges require modifying two previously known generations of these systems, especially for the IoT ecosystems. A new blockchain-based system called the IoTBlockSIEM is proposed to solve this problem. An example of constructing transactions in the IoTBlockSIEM for the case of its use in managing IS incidents in the IoT ecosystem is provided. Further research concludes the article.
Только метаданные
Designing Competency Models for Cybersecurity Professionals for the Banking Sector
(2020) Vybornov, A.; Miloslavskaya, N.; Tolstoy, A.; Милославская, Наталья Георгиевна; Толстой, Александр Иванович
© 2020, IFIP International Federation for Information Processing.The research results for the main stages of designing competency models (CMs) for cybersecurity (CS) professionals are presented. A strategy for designing such models was formulated. The CS-related terminology and conceptual framework were clarified. Areas, objects, and types of professional activity (PA) as a whole for CS professionals and the banking sector, in particular, were determined. It is proposed to use the role and process models to determine the tasks that employees of banking organizations should solve. The practical issues of developing CMs, which allowed to determine the order of their development and the typical structure, as well as to formulate recommendations on the content of a specific CM, are considered.
Только метаданные
New SIEM system for the internet of things
(2019) Miloslavskaya, N.; Tolstoy, A.; Милославская, Наталья Георгиевна; Толстой, Александр Иванович
© Springer Nature Switzerland AG 2019. Based on the available standards, the generalized architecture and the reference model of the IoT as a security object to be protected are presented. On the IoT layers, different security controls collecting data for further detection of security-related events are located. The security incident management process for the IoT needs automation, for which Security Information and Event Management (SIEM) systems are the best applicable solutions. But modern challenges dictate the need to modify these systems for the IoT. A new blockchain-based SIEM system for the IoT is proposed.
Только метаданные
Andragogy as a Scientific Basis for Training Professionals in Information Security
(2019) Tolstoy, A.; Miloslavskaya, N.; Толстой, Александр Иванович; Милославская, Наталья Георгиевна
© 2019, IFIP International Federation for Information Processing.The paper presents the results of research on the use of the basic provisions of andragogy to improve modern systems of training professionals in a particular professional field (information security). To do this, the characteristics of such systems were determined, the classification of trainees according to the criteria of adulthood was carried out, the possibilities of applying the basic provisions of andragogy to the object (an educational system) and the subject (processes, methods, and technologies of training) of research in the selected area were considered.
Только метаданные
Standardization issues for the internet of things
(2019) Miloslavskaya, N.; Nikiforov, A.; Plaksiy, K.; Tolstoy, A.; Милославская, Наталья Георгиевна; Никифоров, Андрей Александрович; Плаксий, Кирилл Валерьевич; Толстой, Александр Иванович
© Springer Nature Switzerland AG 2019. The development of the Internet of Things (IoT) entails the emergence of new security threats and risks. The daily promotion of using more devices in more areas of life requires the development of new security standards. Interactions with and within the IoT have to be regulated by the documents of leading international organizations. At the same time, the problems of ensuring IoT security are not yet fully worked out because of the constantly expanding methods, tools, and devices involved in these processes. The paper discusses existing standards in the field of IoT’s information security (IS). This research is focused on how the IS issues are addressed in these standards. An assumption on the significance and prospects of the progress in this field is made on the basis of the analysis performed.
Только метаданные
Blockchain and Its Security: Ignore or Insert into Academic Training?
(2019) Miloslavskaya, N.; Tolstoy, A.; Милославская, Наталья Георгиевна; Толстой, Александр Иванович
© 2019, IFIP International Federation for Information Processing.At present, the blockchain technologies (BCT) cause a serious burst of interest of young people in the first place. Not to meet the rising demand and not to pay attention to the BCT during the training means not to be modern. Any educational institution, which doesn’t offer courses in the BCT, is going to be left behind as a non-competitive. The paper analyzes a state of the current training in the BCT worldwide, paying special attention to security issues. It also lists standards and books, which can support this training. On these bases, the desired competencies after mastering a full-time BCT course and an exemplary structure of this course are proposed.
Только метаданные
Applying graph theory to detect cases of money laundering and terrorism financing
(2019) Miloslavskaya, N. G.; Nikiforov, A.; Plaksiy, K.; Tolstoy, A.; Милославская, Наталья Георгиевна; Никифоров, Андрей Александрович; Плаксий, Кирилл Валерьевич; Толстой, Александр Иванович
© 2020, IGI Global.A technique to automate the generation of criminal cases for money laundering and financing of terrorism (ML/FT) based on typologies is proposed. That will help an automated system from making a decision about the exact coincidence when comparing the case objects and their links with those in the typologies. Several types of subgraph changes (mutations) are examined. The main goal to apply these mutations is to consider other possible ML/FT variants that do not correspond explicitly to the typologies but have a similar scenario. Visualization methods like the graph theory are used to order perception of data and to reduce its volumes. This work also uses the foundations of information and financial security. The research demonstrates possibilities of applying the graph theory and big data tools in investigating information security incidents. A program has been written to verify the technique proposed. It was tested on case graphs built on the typologies under consideration.
Только метаданные
Network Security Intelligence Centres for Information Security Incident Management
(2021) Furnell, S.; Miloslavskaya, N.; Милославская, Наталья Георгиевна
© 2021, The Author(s), under exclusive license to Springer Nature Switzerland AG.Intensive IT development is driving current information security (IS) trends and require sophisticated structures and adequate approached to manage IS for different businesses. The wide range of threats is constantly growing in modern intranets; they have become not only numerous and diverse but also more disruptive. In such circumstances, organizations realize that IS incidents’ timely detection and prevention in the future (what is more important) are not only possible but imperative. Any delay leaves only reactive actions to IS incidents, putting assets at risk as a result. A properly designed IS incident management system (ISIMS), operating as an integral part of the whole organization’s governance system, reduces IS incidents’ number and limits damage caused by them. To maximally automate IS incident management (ISIM) within one organization and to deepen its knowledge of IS level, this research proposes to unite together all advantages of a Security Intelligence Centre (SIC) and a Network Operations Centre (NOC) with their unique and joint toolkits and techniques in a unified Network SIC (NSIC). This paper presents the research, which is focused upon the designing and evaluating the concept of NSICs, and represents a novel advancement beyond existing concepts of security and network operations centres in current security monitoring scenarios. Key contributions are made in relation to underlying taxonomies of threats and attacks, leading to the requirements for NSICs, the related design, and then evaluation in a practical context and the implications arising from this (e.g. training requirements).
Только метаданные
Cyber Polygon Site Project in the Framework of the MEPhI Network Security Intelligence Center
(2021) Miloslavskaya, N.; Tolstoy, A.; Милославская, Наталья Георгиевна; Толстой, Александр Иванович
© 2021, The Author(s), under exclusive license to Springer Nature Switzerland AG.At present, the market for information protection tools (IPTs) is much wider than a couple of years ago. But not only technology protects and carries a threat. People are still at the forefront as the most common cause of errors is the lack of experience and low competency. The only right solution is the creation of cyber polygons as specially equipped and controlled network infrastructures for developing practical skills to combat information security (IS) threats. The National Research Nuclear University MEPhI (Moscow Engineering Physics Institute) could not remain aloof from this process as the leading institute for IS training in Russia. Therefore, it was decided to create such a cyber polygon within the framework of the educational and research Network Security Intelligence Center (NSIC) for intelligent network security management established at the MEPhI Institute of Cyber Intelligence Systems in 2016. The paper describes the first results achieved in making this project a reality. It introduces the “Cyber Polygon” term, briefly analyzes a state of the current cyber polygons development worldwide, and introduces the MEPhI Cyber Polygon objectives and provision to be used within the framework of the “Business Continuity and Information Security Maintenance” Master’s degree programme. Further activities in its development conclude the paper.