A geometric approach to the acceptable risk probabilities estimation of information security

Authors

  • Владимир Владимирович Мохор Pukhov Institute for Modelling in Energy Engineering of National Academy of Sciences of Ukraine
  • Александр Олегович Бакалинский National technical university of Ukraine «Kyiv polytechnic institute»
  • Василий Васильевич Цуркан National technical university of Ukraine «Kyiv polytechnic institute»

DOI:

https://doi.org/10.18372/2410-7840.18.10850

Keywords:

geometric probability, geometric approach, information security risk, acceptable risk, probability estimation, risk-appetite, risk owner, information security risk management system

Abstract

The construction and use of an information security management system based on a risk-oriented approach is considered. The design requirement for such systems, stated as «ensuring the level of risk no higher than acceptable», is identified as nonconstructive. To overcome this limitation, it is proposed to treat the functioning of an information security management system as a queuing system that processes a flow of risk events whose risk levels are higher than acceptable, with a defined probability of such events occurring. The problem is solved using the concepts and methods of geometric probability. With this approach, the risk owner's subjective risk appetite, expressed as an acceptable level of risk, is transformed into a formalized probabilistic criterion on which verifiable requirements for establishing information security management systems can be formulated.

Author Biographies

Владимир Владимирович Мохор, Pukhov Institute for Modelling in Energy Engineering of National Academy of Sciences of Ukraine

doctor of engineering science, professor, Director of Pukhov Institute for Modelling in Energy Engineering of National Academy of Sciences of Ukraine

Александр Олегович Бакалинский, National technical university of Ukraine «Kyiv polytechnic institute»

deputy head of department, State institution «Institute of special communications and information security National technical university of Ukraine «Kyiv polytechnic institute»

Василий Васильевич Цуркан, National technical university of Ukraine «Kyiv polytechnic institute»

candidate of engineering science, leading researcher of State institution «Institute of special communications and information security National technical university of Ukraine «Kyiv polytechnic institute».

Published

2016-09-26

Section

Articles