Research of the Training Ground for the Protection of Critical Information Resources by iRisk Method

Abstract

In this article, the research of information system protection by analyzing the risks for identifying threats for information security is considered. The iRisk methodology was chosen for testing, which includes another CVSS v3 vulnerability assessment method, which is actively supported by the National Institute of Standards and Technology. The computer network was tested against the following vulnerabilities: Cisco IOS Arbitrary Command Execution Vulnerability (CVE-2012-0384), Cisco Access Control Bypass Vulnerability (CVE-2012-1342), EternalBlue (CVE-2017-0144), Meltdown (CVE-2017-5754), Specter (CVE-2017-5753) (CVE-2017-5715). Conclusions are made regarding the stability of the built network to specific threats using iRisk. The higher the value of iRisk, the more critical the vulnerability and has a greater priority to protect the computer network. The most critical vulnerability is EternalBlue.