Risk factor analysis of an example of an incident with global routing registry software

When designing and developing software systems of any complexity, project risk management is important and necessary. Every software development project contains elements of uncertainty known as project risk. The success of a software development project depends on the amount of risk that correspo...

Bibliographic Details
Date: 2020
Main Author: Zubok, V. Yu.
Format: Article
Language: Ukrainian
Published: Інститут проблем реєстрації інформації НАН України 2020
Online Access: http://drsp.ipri.kiev.ua/article/view/207783
Journal title: Data Recording, Storage & Processing

Institution

Data Recording, Storage & Processing
_version_ 1856543170918088705
author Zubok, V. Yu.
author_facet Zubok, V. Yu.
author_sort Zubok, V. Yu.
baseUrl_str
collection OJS
datestamp_date 2020-09-09T14:08:32Z
description When designing and developing software systems of any complexity, project risk management is important and necessary. Every software development project contains elements of uncertainty known as project risk. The success of a software development project depends on the amount of risk that corresponds to each project activity. The introduction of new RPKI technologies for Internet routing registry stakeholders has led to the emergence of a new single point of failure in the global Internet routing system. Risk management, namely risk identification and classification during the development and operation of software for global routing registries, was not given enough attention, which resulted in a global security incident. Errors in project risk management during the development and updating of the software of the European routing registry database caused the route hijack incident by Rostelecom on April 1, 2020 to become global. After an unsuccessful software upgrade, critical data was deleted from the routing registry database, and there were no comprehensive monitoring measures or response plan to prevent the issue from spreading globally. The risk management errors, namely incorrect assessment of impact factors, are analyzed, with subsequent factor analysis. Factor analysis demonstrated that the main security concerns of the software development and operation cycle were insufficient monitoring and the absence or inadequacy of a risk mitigation program. As a result, at several small steps of the security incident, the risk owner failed to avoid the risk, control it or transfer it. In our example, the FAIR approach was added as a well-suited complementary method for risk decomposition. In this way the main risk is described as a set of smaller, easily recognizable risks whose management is already described by known avoidance steps and mitigation measures.
Using the decomposition of data security as an example, reasonable points for risk identification, classification and prioritization for this security incident are shown. Tabl.: 3. Refs: 9 titles.
first_indexed 2025-07-17T10:57:54Z
format Article
id drspiprikievua-article-207783
institution Data Recording, Storage & Processing
language Ukrainian
last_indexed 2025-07-17T10:57:54Z
publishDate 2020
publisher Інститут проблем реєстрації інформації НАН України
record_format ojs
spelling drspiprikievua-article-207783 2020-09-09T14:08:32Z
Risk factor analysis of an example of an incident with global routing registry software
Факторний аналіз ризиків на прикладі інциденту з програмним забезпеченням реєстру глобальної маршрутизації
Zubok, V. Yu.
управління ризиками; глобальна маршрутизація; безпека програмного забезпечення; перехоплення маршрутів; кібербезпека
risk management; global Internet routing; software security; route hijack; cybersecurity
When designing and developing software systems of any complexity, project risk management is important and necessary. The methodology is based on the analysis of threats whose realization may in some way affect the system and its owner. The introduction of new RPKI technologies has led to the emergence of a new single point of failure in the global Internet routing system. Risk handling during the development and operation of software for global routing registries received insufficient attention, which resulted in a global security incident classified as a "route hijack". The risk management errors are analyzed by decomposing the main risk, with subsequent factor analysis.
Інститут проблем реєстрації інформації НАН України 2020-05-25 Article Article application/pdf
http://drsp.ipri.kiev.ua/article/view/207783
10.35681/1560-9189.2020.1.1.207783
Data Recording, Storage & Processing; Vol. 22 No. 1 (2020); 49-55
Регистрация, хранение и обработка данных; Том 22 № 1 (2020); 49-55
Реєстрація, зберігання і обробка даних; Том 22 № 1 (2020); 49-55
1560-9189 uk
http://drsp.ipri.kiev.ua/article/view/207783/208522
Copyright (c) 2021 Реєстрація, зберігання і обробка даних
spellingShingle risk management
global Internet routing
software security
route hijack
cybersecurity
Zubok, V. Yu.
Risk factor analysis of an example of an incident with global routing registry software
title Risk factor analysis of an example of an incident with global routing registry software
title_alt Факторний аналіз ризиків на прикладі інциденту з програмним забезпеченням реєстру глобальної маршрутизації
title_full Risk factor analysis of an example of an incident with global routing registry software
title_fullStr Risk factor analysis of an example of an incident with global routing registry software
title_full_unstemmed Risk factor analysis of an example of an incident with global routing registry software
title_short Risk factor analysis of an example of an incident with global routing registry software
title_sort risk factor analysis of an example of an incident with global routing registry software
topic risk management
global Internet routing
software security
route hijack
cybersecurity
topic_facet управління ризиками
глобальна маршрутизація
безпека програмного забезпечення
перехоплення маршрутів
кібербезпека
risk management
global Internet routing
software security
route hijack
cybersecurity
url http://drsp.ipri.kiev.ua/article/view/207783
work_keys_str_mv AT zubokvyu riskfactoranalysisofanexampleofanincidentwithglobalroutingregistrysoftware
AT zubokvyu faktornijanalízrizikívnaprikladííncidentuzprogramnimzabezpečennâmreêstruglobalʹnoímaršrutizacíí