кібербезпека

In the modern world, where information security becomes a key element of any organization's operations, software security testing automation is more important than ever. The success of an application directly depends on its stability, reliability, and security, which makes the proper implementation of control mechanisms critical. The increase in cyber threats and the growing complexity of software systems make this topic even more relevant.

With the development of containerized environments, the issue of security is becoming critical for application deployments. This article provides a comparative analysis of static and dynamic methods for scanning Docker container images. Static analysis is used to identify potential vulnerabilities before container deployment, while dynamic analysis is performed in an isolated environment at runtime, ensuring product reliability.

The object of the research is the security of the file system of a single-board platform. As part of the research reported in this paper, a method has been proposed to protect the file system using encryption. Implementing a Linux Unified Key Setup paired with a password or Universal Serial Bus key has been demonstrated. The advantages of Linux Unified Key Setup for this task and the possibilities for system configuration and encryption method depending on the use case and hardware configuration has been outlined.

This article analyzes the role of administrative bodies in ensuring cyber security from a legal and administrative perspective. The key functions and tasks they perform for effective management and protection of information resources and cyber infrastructure are considered, as well as the importance of the role of subjects of administrative and legal protection of cyber security in the formation of strategies and policies aimed at ensuring cyber security is highlighted, and their contribution to the creation of a secure and stable cyberspace.

The article considers the legal mechanisms for ensuring information security. It has been proven that today, more than ever, when there is a war in Ukraine, the issue of ensuring information security becomes especially relevant and significant, as the information space becomes a «battlefield» on a par with the war front. Enemy forces actively use informational and psychological operations to destabilize the situation inside our country, create panic, spread fakes and undermine trust in state institutions.

nding to emerging threats through the implementation of recognized standards in the field of information security, such as ISO 27001, was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and, in particular, the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A – A.8.9 – Configuration Management and possible ways of its effective implementation in organizations were carried out.

This paper explores the use of diarization systems which employ advanced machine learning algorithms for the precise detection and separation of different speakers in audio recordings for the implementation of an intruder detection system. Several state-of-the-art diarization models including Nvidia’s NeMo, Pyannote and SpeechBrain are compared. The performance of these models is evaluated using typical metrics used for the diarization systems, such as diarization error rate (DER) and Jaccard error rate (JER).

In this article, the authors focused on analyzing the possibilities of using artificial intelligence models for effective detection and analysis of cybercrimes. A comprehensive method using artificial intelligence algorithms, such as Random Forest and Isolation Forest algorithms, is developed and described to detect ransomware, which is one of the main threats to information security management systems (ISMS) in the field of critical infrastructure.

Summary. The article identifies the peculiarities of the current state of cybersecurity in Ukraine and emphasizes the importance of applying effective legislation aimed at protecting the cyber structure, as well as choosing the best tools and mechanisms to combat cyber threats.