CC BY
165
Section 7. Information Technology
Normatov Sherbek, Ph D., student, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi Tashkent, Uzbekistan E-mail: shb.normatov@gmail.com
SYSTEM APPROACH TO THE PROBLEM OF PROTECTION SCIENTIFIC AND EDUCATIONAL INFORMATION RESOURCES
Abstract: The purpose of this article is to develop a method for identifying and evaluating of scientific and educational information resources on the basis of a systematic approach to the problem of ensuring the security of library information resources. The results show that the degree of importance of information is a decisive factor when choosing measures to ensure its security.
Keywords Digital library, security, protection, system approach, identification and valuing of information.
Introduction. The formation and use of scientific and educational information (SEI) is important not only for science, education, but also for the economy and business, as well as society as a whole. Informational scientific and educational resources - separate documents and separate arrays of documents, in information and library and archival institutions (libraries, archives, funds, data banks, other information systems) of value for science and education. These are, basically, licensed electronic information resources of libraries, patents for inventions, scientific and educational databases, etc.
The development of ICT has led to the activation of the use of electronic sources of information and this trend is increasingly growing. This is facilitated by the availability of information exchange at a distance, a sharp increase in the speed of their data retrieval, storage of processing a large amount of information. But these opportunities also gave rise to problems such as the security of library resources, the protection of users' personal information [5]. Increasing the volume and value of the SEI leads to increased threats of unauthorized access. And this, in turn, requires the creation of reliable means of protecting the sources of the SEI.
As is known, information resources are available both for open access and for limited use, including paid sources. Such resources must be protected from unauthorized access, that is, it is necessary to ensure their confidentiality. Even ifthe information is free, you still need to ensure its integrity. In addition, some resources may not be intended for all users, but for individual user groups. Breach of information security can lead to a breach
of the integrity of the stored data, which in turn can lead to a relaxation of trust in the owners, founders, employees of institutions that own sources and economic losses [1].
Below is an approach to solving the problem of ensuring the safety of an SEI based on a systematic approach, taking into account the multitude of factors that affect not only access to data but also the cost of the source of the SEI.
The SEI security problem. Let's consider a number of tasks that are directly related to the SEI security problem: a) identification of the problem of ensuring the security of the SEI and assessing its relevance; b) formulating a common goal and objectives of the system for protecting the SEI; c) identification and evaluation of the SEI in terms of information security.
The above tasks require the creation of information security systems in libraries. This system may be subject to general requirements ensuring the supply and permanent preservation of the following properties of library information:
a) providing legal users with free use of library resources;
b) the integrity and accessibility of library information resources reproduced in information systems, stored, and sent through communication channels; c) confidentiality of information; e) inviolability of personal documents.
Most libraries are often not ready to manage computer networks and new technologies, they should be well informed about information security. Nowadays, libraries in using their private system, should provide for measures to convince clients of the inviolability of their privacy and personal information
security. To the security of information, considering the large number of users, there are also a number of requirements, each class of users has their own different security measures [2].
Protection objects. To obtain permission to use multiple library services, visitors must create their own registration records, they must include the address, telephone numbers and other personal data. This further increases the security requirements [3]. In this case, it is appropriate to mention all protected objects in the library. Library system includes such total assets as a database, Web sites, devices, and software to manage administrators [7]. Nowadays, many libraries organize the interactive services carried out for a fee [4].
The tangible and intangible types of security objects of libraries in general form can be divided as shown in (Table 1).
Table 1. - Types of protected objects of libraries
Protection objects
Tangible Intangible
Equipment, servers and network devices, information carriers and means of protection. Electronic resources of libraries, personal data, software, reputation, knowledge and skill.
Modeling is an effective tool at the design and improvement stages in the study of information security systems. The success of creating security systems depends on the optimality
Table 2. - Model of
The effective ensuring of information security for the SEI depends to a large extent on the choice of protective equipment and the methods of the corresponding price of information resources. Currently, there are many ways and means ofprotecting information. But the task of measuring prices, SEI in terms of information security, remains a little studied area. Evaluation of information resources in terms of security gives the information
of the model. To build the optimal model, information about the protection object is required.
The proposed structural verbal model of the protection object includes objects of protection of four types: information assets, hardware, software and network devices. The model proposes structuring the resources of the protection object of each type.
So, the protection object model can be presented in the form of the table 2. In the mode column of using information assets, users who have access to the assets (F) and their login rights (R), as well as the asset use time (t), are indicated. The initial value column is populated with the initial costs for developing and assigning assets. Assets need to be classified by confidentiality, integrity, accessibility and by the degree of other qualities. The grouping of similar and related assets facilitates the assessment process.
Using the proposed approach, can build a model of a particular security object. Evaluation of the sei in terms of information security. Until now, a number of researches on the evaluation of information assets have been carried out. Nicole Laskowski (2014) gives six ways to assess the information assets, these methods are divided into economic and non-economic categories [8]. In this article we will consider the issue of SEI assessment in terms of non-economic information security.
protection objects
owner the opportunity to pay much attention to tasks related to its protection, allocation of funds or to save costs.
The difficulty of assessing information is that it is considered an unphysical, intangible asset. Information can be evaluated in terms of quantity and quality. It is necessary to distinguish the difference between the cost of information and price. The actual value of information is determined on the
№ Type of assets
1 Inf ormation resources
Elements of assets Asset name Type Registration time Using Basic cost
1.1 Resource name 1 Articles F1 (R1, R2, t1)
2 Hardware
Elements of assets Asset name Level of physical use Place of installation Vulnerability Basic cost
2.1 Computer L1 Employee Workplace The weakness of physical protection
3 Software
Elements of assets Asset name Level of confidentiality Using Place of installation Basic cost
3.1 System software Very high F3 (R4, R5,) In the server
4 Network equipment
Elements of assets Asset name Supportive technologies Level of ensuring integrity Place of installation Basic cost
4.1 Router Gigabit Ethernet Very high Inside the building
basis of the costs of its acquisition, creation and maintenance. And the price of an asset is determined by its importance for the owner, authorized and unauthorized users.
Also to need confirm that the price of information is dynamic. That is, its price over time can vary. Usually there is a reduction in the price of information over time. In fact, if no one uses information, it is nothing. The exchange of information raises its price. That is, the more people use information, the more its economic profit may increase. But the increase in the number of copies of information, its price does not increase (may increase costs). Because it does not create "new" information [6]. It should also be emphasized that from "outdated" information there is only no benefit, but one can get a loss from its preservation. This means that enterprises, if they want to preserve their prestige before users and society, they must correctly manage the prices of stored information or services.
Table 3. - Verbal model identifying, structuring
The price of information depends not only on the party that represents it, but also on the side that accepts it. Information can be of great value, but if it is of poor quality or users have low information literacy, then the price of information will be low.
In the proposed SEI estimation model, a, /3,Y scale on the confidentiality, integrity and availability of the information resource are introduced first. Also taken into account are indicators such as the Basic cost (BC) consisting of acquisition or production costs, reproduction, preservation of the information resource and the Access activity (AA) of use of information in the time interval T. Proceeding from the foregoing, the cognitive model identifying, structuring and determining the degree of importance of SEI can be described in the (Table 3).
and determining the degree of importance of SEI
Type of resource
Name of resource BC CS IS AS AA
Scientific information
Monograph A B1 Y1
Monograph 1 a1 ß Y/ u\
Monograph l1 cl d\ ß Y1
Scientific paper A2 B2 Y2
Scientific paper 1 Cl2 a2 ß2 Y2 u2
Scientific paper l2 < al ß y2 ul
Educational information
Textbook A4 B4 Y4
Textbook 1 Cl4 „4 a1 ß4 Y14 u4
Lecture note A5 B5 Y5
Lecture note 1 Cl5 „5 a1 ß5 u 5
< al i6 ß Y uf l6
License documents
Invention A7 B7 Y7
A n B n Y n
cn n a. ßnn Yn un
cj - basic coast (BC), acquisition or production costs of information;
a1- , |l, a - confidentiality scale (CS), here 1 < a< a * ; P]t,[l,P*\ - integrity scale (IS), here 1 < (( < ft*; y\ ,[l,/*] - accessibility scale (AS), here 1 <y'. <y*; uj. - activity of using ^U) i = (l...n, j = 1...l; );
Ai, Bi, Yi are the expert coefficients on the confidentiality, integrity and availability of the information resource of the i type, in the interval [0.1].
x1,..., x¡l, x¡l+l,..., xln - types of resources. xi (i = 1...ln )
n
Then the number of all resources is equal to ^^.
i=1
The level of importance of the information is:
LI) = (i = 1...n, j = 14)
Then the security price of type resource (Security Price), is calculated by the following formula:
SLL ■ cl ■ ul .
SP ' T ((=!...«)
Most of the information does not have a high level of confidentiality. For example, electronic catalogs do not require confidentiality, but integrity and accessibility of information. But at the same time there are data with high confidentiality, such as paid resources or personal data of the user. Based on the above, can be estimate the cost of resources of a certain type or a particular department.
Conclusion. Thus, the result of the analysis of the issue of ensuring the information security of scientific and educational resources shows worthy of the significance of these data and requires protection from unauthorized access. The
article, based on the system analysis, justifies the relevance of the problem of ensuring the security of the SEI and the reasons for its origin. Existing studies show that the SEI can be viewed as information asset, and to ensure their confidentiality, integrity, and accessibility. To do this, it is first necessary to identify, classify and assessment in terms of security. Here, the degree of influence on the price of information, not only such as the initial costs of information associated with its acquisition or reproduction, the costs associated with its preservation, but also the number of access for information in a certain time period. Here can be see that the price of information value has a dynamic character. Estimation of information resources in term of security can be applied not only when making decisions on adequate means of protection, but also when comparing information in terms of importance and in the long-term planning of business processes.
References:
1. Edward Fox and Noha ElSherbiny. "Security and Digital Libraries, Digital Libraries - Methods and Applications", Dr. Kuo Hung Huang (Ed.),- 2011. ISBN: 978-953-307-203-6, In Tech, Available from: URL: http://www.intechopen.com/ books/digital-libraries-methods-and-applications/security-and-digital-libraries
2. Ismail R., and Zainab A. "Information systems security in special and public libraries: an assessment of status". Malaysian Journal of Library & Information Science,- 2011.- Vol. 16.- No. 2.- P. 45-62. Permanent link to this document: URL: http://eprints.rclis.org/18216/
3. Thompson S. "Helping the hacker? Library information, security and social engineering", Information Technology and Libraries,- Vol. 25.- No. 4.- 2006.- P. 222-5.
4. Rodionova Z. V and Bobrov L. K. "Protection of the Information Resources of a Library Based on Analysis of Business Processes". Scientific and Technical Information Processing,- 2016.- Vol. 43.- No. 1.- P. 20-27.
5. Joanne Kuzma. "European digital libraries: web security vulnerabilities", Library Hi Tech,- Vol. 28.- Iss 3.- 2010.- P. 402-413. Permanent link to this document: URL: http://www.emeraldinsight.com/0737-8831.htm
6. Daniel M., and Peter W. "Measuring the Value of Information - An Asset Valuation Approach". European Conference on Information Systems (ECIS'99) - 1999.
7. Nikolayevna F. M., Mikhaylovich I. E. Obespecheniye informatsionnoy bezopasnosti elektronnoy biblioteki. KOHTEHTyC,- 2016.- 6(42). Permanent link to this document: URL: http://elibrary.ru/item.asp?id=27179429 (accessed 17 February 2018).
8. Nicole Laskowski. May - 2014. Six ways to measure the value ofyour information assets. URL: http://searchcio.techtarget. com/feature/Six-ways-to-measure-the-value-of-your-information-assets (accessed 11 November 2018).
