Abstract and keywords
Abstract:
The article addresses the problem of static IT asset inventory in educational organizations, which does not account for the dynamics of vulnerabilities or the changing cyber threat landscape. It proposes a dynamic model of the vulnerability flow across the lifecycle of university IT assets, based on the Cyber Threat Intelligence (CTI) approach. The model integrates the inventory database (CMDB) with external threat sources (CVE, OSINT) and internal monitoring tools (vulnerability scanners, SIEM), providing an automated calculation of the "current risk level" attribute for each asset. The article presents the data flow architecture, a mathematical model of risk assessment based on CVSS metrics and asset criticality, and a mechanism for prioritizing vulnerability remediation measures. It shows that the proposed approach transforms the asset accounting system into a proactive security management tool and forms the basis of DevSecOps practices in an educational organization.

Keywords:
information security, Cyber Threat Intelligence, CMDB, CVE, vulnerability management, DevSecOps, risk assessment