RAQAMLI IQTISODIYOT TIZIMIDA AXBOROTLARNI HIMOYALASH USUL VA VOSITALARI TAHLILI
Keywords:
Kalit so‘zlar: raqamli iqtisodiyot, axborot xavfsizligi, kriptografiya, MFA, RBAC/ABAC, Zero Trust, SIEM, ELK, IoT, bulut xavfsizligi.Abstract
Annotatsiya: Ushbu maqolada raqamli iqtisodiyot sharoitida axborot xavfsizligini ta’minlashning kompleks yondashuvi tahlil qilinadi. Kirish qismida raqamli platformalar, sun’iy intellekt va global internet infratuzilmasi kengayishi bilan bog‘liq risklar hamda ma’lumotlarning ishonchliligi, yaxlitligi va maxfiyligi iqtisodiy barqarorlik uchun hal qiluvchi omil ekani asoslanadi. Asosiy tahdidlar sifatida kiberhujumlar (DoS/DDoS, phishing, malware), ma’lumotlarning o‘g‘irlanishi, ichki xodimlar (insider) xavfi, kriptografik kalitlarni buzish va autentifikatsiyani chetlab o‘tish, shuningdek bulut va IoT muhitlaridagi konfiguratsion zaifliklar tizimli ravishda ko‘rib chiqiladi. Himoya blokida kriptografik usullar (AES, RSA/ECC, ChaCha20/Ascon, SHA-2/3), kuchaytirilgan autentifikatsiya (MFA), ruxsatlarni boshqarish modellari (RBAC/ABAC), tarmoq darajasida firewall va IDS/IPS, VPN hamda Zero Trust arxitekturasi integratsiyalangan holda baholanadi. Monitoring qatlamida ELK, SIEM yechimlari va mashinaviy o‘qitishga tayangan anomaliya aniqlash yondashuvlari erta ogohlantirish va tezkor javob choralarini ta’minlashi ko‘rsatiladi. Natijalarga ko‘ra, texnik (kriptografiya, tarmoq xavfsizligi), tashkiliy (siyosatlar, rollar/atributlar) va analitik (SIEM/AI) choralar uyg‘unligi asosida ko‘p bosqichli mudofaa modeli raqamli iqtisodiyot subyektlari uchun eng maqbul strategiya hisoblanadi.
References
1. ENISA. (2024). ENISA Threat Landscape 2023/2024. European Union Agency for Cybersecurity. https://www.enisa.europa.eu/publications
2. FireEye/Mandiant. (2024). M-Trends 2024: Insights into today’s threat landscape. Mandiant. https://www.mandiant.com/resources/m-trends
3. IBM Security, & Ponemon Institute. (2024). Cost of a data breach report 2024. IBM. https://www.ibm.com/reports/data-breach
4. International Organization for Standardization. (2022). ISO/IEC 27001:2022 — Information security, cybersecurity and privacy protection — Information security management systems — Requirements. ISO.
5. Kaspersky Lab. (2023). Kaspersky Security Bulletin 2023: Statistics & trends. Kaspersky. https://www.kaspersky.com
6. Microsoft. (2024). Digital Defense Report 2024. Microsoft. https://www.microsoft.com/digitaldefense
7. National Institute of Standards and Technology. (2020). Zero Trust architecture (SP 800-207). NIST. https://doi.org/10.6028/NIST.SP.800-207
8. National Institute of Standards and Technology. (2023). Lightweight cryptography: Announcement of selected algorithms (Ascon). NIST. https://csrc.nist.gov/projects/lightweight-cryptography
9. National Institute of Standards and Technology. (2024). Cybersecurity Framework (CSF) 2.0. NIST. https://www.nist.gov/cyberframework
10. Open Web Application Security Project. (2021). OWASP Top 10: 2021. OWASP Foundation. https://owasp.org
11. Open Web Application Security Project. (2023). OWASP API Security Top 10: 2023. OWASP Foundation. https://owasp.org
