A recent IEEE Access Paper by Gunn, Allison and Abbott (GAA) proposed a new transient attack against the Kirchhoff-law-Johnson-noise (KLJN) secure key exchange system. The attack is valid, but it is easy to build a defense for the KLJN system. Here we note that GAA’s paper contains several invalid statements regarding security measures and the continuity of functions in classical physics. These deficiencies are clarified in our present paper, wherein we also emphasize that a new version of the KLJN system is immune against all existing attacks, including the one by GAA.

A significant threat to critical infrastructure of computer systems has a destructive impact caused by infrasound waves. It is shown that the known infrasound generations are based on using the following devices: a Helmholtz Resonator, Generation by using a Pulsating Sphere such as Monopolies, Rotor-type Radiator, Resonating Cylinder, VLF Speaker, Method of Paired Ultrasound Radiator, and airscrew. Research of these devices was made in this paper by revealing their characteristics, main advantages and disadvantages. A directional pattern of infrasound radiation and a graph of dependence of infrasound radiation from the consumed power was constructed. Also, during the analysis of these devices, there was proven a set of basic parameters, the values of which make it possible to characterize their structural and operational characteristics. Then approximate values of the proposed parameters of each those considered devices, were calculated. A new method was developed for evaluating the effectiveness of infrasound generation devices based on the definition of the integral efficiency index, which is calculated using the designed parameters. An example of practical application of the derived method, was shown. The use of the method makes it possible, taking into account the conditions and requirements of the infrasound generation devices construction, to choose from them the most efficient one.

Additions were proposed to the method of organizing the information security (IS) event management process of companies. Unlike existing solutions, the algorithm of the "Event handling" subprocess was detailed. This detailing is a complex, which includes the IS event processing substage. In addition, the proposed detailing of the "Event Handling" subprocess allows for covering the entire life cycle of an IS event. The performed research allows in practice to fill in potential gaps in information when creating a company's ISMS. An additional advantage of the proposed solution is the possibility of using this sub-process as an independent one. The proposed approach makes it possible to simplify the procedure for managing the information security of a company as a whole, as well as potentially reduce the costs of its construction for small companies and enterprises. Also, this subprocess can be considered as an independent information security management process, for example, for a company's CIS. The proposed solutions and additions, in contrast to similar studies, are characterized by invariance with respect to the methods of implementing the company's IS infrastructure solutions, and in particular its CIS. This ultimately allows, without changing the methodological tools, to scale this approach and adapt it to the ISMS of various companies.

The paper features some aspects of providing information security and business continuity to public administration by means of an integrated computer-aided management system OSCAD. The system is based on international standards ISO/IEC 270001 and BS 25999 (ISO 22301). First, the significance of information security and business continuity issues in public administration was presented along with a short introduction to the applied standards. Then the possibilities of the OSCAD system were discussed together with the examples how the system can solve the problems encountered by public administration.

An information security audit method (ISA) for a distributed computer network (DCN) of an informatization object (OBI) has been developed. Proposed method is based on the ISA procedures automation by using Bayesian networks (BN) and artificial neural networks (ANN) to assess the risks. It was shown that such a combination of BN and ANN makes it possible to quickly determine the actual risks for OBI information security (IS). At the same time, data from sensors of various hardware and software information security means (ISM) in the OBI DCS segments are used as the initial information. It was shown that the automation of ISA procedures based on the use of BN and ANN allows the DCN IS administrator to respond dynamically to threats in a real time manner, to promptly select effective countermeasures to protect the DCS.

A mathematical model is proposed that makes it possible to describe in a conceptual and functional aspect the formation and application of a knowledge base (KB) for an intelligent information system (IIS). This IIS is developed to assess the financial condition (FC) of the company. Moreover, for circumstances related to the identification of individual weakly structured factors (signs). The proposed model makes it possible to increase the understanding of the analyzed economic processes related to the company's financial system. An iterative algorithm for IIS has been developed that implements a model of cognitive modeling. The scientific novelty of the proposed approach lies in the fact that, unlike existing solutions, it is possible to adjust the structure of the algorithm depending on the characteristics of a particular company, as well as form the information basis for the process of assessing the company's FC and the parameters of the cognitive model.

The chapter deals with the issue of the risk and security management process in public administration, according to the internal audit standards and their requirements. Main legal acts and standards were specified and shortly described. Specially the risk analysis process and security measures selection were emphasized. The possibility to use the software tools for the risk analysis and security measures selection support in public administration was presented. The experiment of OSCAD usage in public administration was shortly described and its results were presented. This experiment shows that the software primarily intended for IT Security Management can be used for risk management in different area as well, for example – in public administration. Some possibilities of further development of risk management supporting tools were proposed.

A methodology for development for distributed computer network (DCN) information security system (IS) for an informatization object (OBI) was proposed. It was proposed to use mathematical modeling at the first stage of the methodology. In particular, a mathematical model was presented based on the use of the apparatus of probability theory to calculate the vulnerability coefficient. This coefficient allows one to assess the level of information security of the OBI network. Criteria for assessing the acceptable and critical level of risks for information security were proposed as well. At the second stage of the methodology development of the IS DCN system, methods of simulation and virtualization of the components of the IS DCN were used. In the course of experimental studies, a model of a protected DCN has been built. In the experimental model, network devices and DCN IS components were emulated on virtual machines (VMs). The DCN resources were reproduced using the Proxmox VE virtualization system. IPS Suricata was deployed on RCS hosts running PVE. Splunk was used as SIEM. It has been shown that the proposed methodology for the formation of the IS system for DCN and the model of the vulnerability coefficient makes it possible to obtain a quantitative assessment of the levels of vulnerability of DCN OBI.

Nowadays, information security management systems are important parts of managing a system for better handling of the information security. In scenarios and situations where safety management is done by managing protection of malwares, it is important to manage security issues properly. Cryptography is an approach which makes possible for a recipient to encrypt and decrypt the information. A combination of two different strategies for encryption and decryption in the text encoding will be transformed into the used all content. The encryption and decryption key of the content decryption key is used. There are different types of information. A number, such as finding two large prime numbers with that product. The number, the size of the RSA key is large enough to make, it's hard to pinpoint these numbers. The key, known as the RSA public key, is the most prominent open encryption. Calculations were used for information exchange. In this paper, we created a program for simulation and testing of apply cryptography of Advance Encryption Standard (AES) algorithm with Rivest-Shamir-Adleman (RSA) algorithm for better performance. In this study, this program is an application of a new algorithm to be the AES&RSA principle of using a public key instead of a private key for cryptography, and the testing of encryption and decryption for the AES&RSA algorithm resulted in time is no different on the AES algorithm and more secure encryption and decryption. The results indicated that the time needed for encoding and decoding of AES&RSA algorithm has been reduced (i.e., efficiency has been improved).

In the digital society, states’ information security has become one of the key elements of ensuring the competitiveness and sustainable development of the state, guaranteeing its integrity and security in general. An important component of state security is the internal security of the state, which must ensure the personal and public safety of its citizens. Modern Ukraine is building a new system of criminal justice, which requires a new information system for risk assessment and support for optimal decision-making. Today, applied research and the development of information and analytical software for the internal security of the state have acquired a special meaning.
In the paper, there is built a set of models for providing operational information for decision-making in criminal justice. This is a cluster model for creating criminal profiles of convicts, and a scoring model for identifying individual characteristics of criminals that have the greatest impact on their propensity to reoffend. The obtained models can provide reliable support for decision-making in the field of criminal justice and become part of the information support system for the internal security of Ukraine in general.

The paper presents the analysis of the Commercial Off-The-Shelf (COTS) software regarding the ability to be used in audio steganography techniques. Such methods are a relatively new tool for hiding and transmitting crucial information, also being used by hackers. In the following work, the publicly available software dedicated to audio steganography is examined. The aim was to provide the general operating model of the information processing in the steganographic effort. The embedding method was analyzed for each application, providing interesting insights and allowing classifying the methods. The results prove that it is possible to detect the hidden message within the specific audio file and identify the technique that was used to create it. This may be exploited further during the hacking attack detection and prevention.