Information Technology of Risk Assessment for Automated Control Systems of Printing Production

Abstract

The article considers construction methods of risk assessment information technology for automated control systems of printing production (ACSPP) on the basis of detection of threats and vulnerabilities of the company assets. It is substantiated that ACSPP is one of the production assets and the risk assessment problems in the security system are reduced to determining ACSPP threats and vulnerabilities levels and countermeasures to counter possible attacks on production. In addition to the above-mentioned ACAPP security problems related to the threats and vulnerabilities inherent in most IS, a number of organizational and psychological issues should also be noted. In particular, weak awareness of the information importance and its protection by the management staff and employees of printing companies. Accordingly, the management staff is reluctant to invest in information protection and make any organizational decisions on this issue, and the employees show misunderstanding and failure to take most protection measures, which leads to negligence, and then complete disregard for protection measures. This attitude to the information security can cause significant losses to the company, which will be simply disproportionate to the cost of information security in their values. Another important problem is the imperfection of Ukrainian legislation in the information protection area and almost complete absence of domestic standards in this area. In order to achieve the required level of ACSPP protection, it is necessary to reduce the risks level to an acceptable one or eliminate the risks altogether. This can be achieved by reducing the criticality, probability and/or frequency of threats.