Modeling the decision-making procedure for financing cybersecurity funds in the information and educational environment of the university

Authors

  • Лазат Муктаровна Кидираліна Kazakh National Pedagogical University named after Abay
  • Бахитжан Сражатдіновіч Ахметов Kazakh National Pedagogical University named after Abay
  • Валерій Анатолійович Лахно European university

DOI:

https://doi.org/10.18372/2410-7840.20.12864

Keywords:

cybersecurity, information and educational environment of the university, multi-stage quality play, optimal financing strategies

Abstract

The article proposes a model for evaluation of investment strategies in the information and educational environment of the University (IOCC). One of the options for solving such problems, and, in particular, assessing the risks associated with the financing of information security systems and cyber security of IOCC, is the implementation of intelligent decision support systems. Such systems allow the management of educational institutions to make rational decisions on investing financial resources in the development of the IOCC protection tools. The article proposes a model for the IDSP for a discrete procedure for financing the information protection and cyber security systems of the IOCC. Difference of the model from existing ones is the assumption of limited financial resources as the protection side of IOCC and attackers. The model is based on the use of the tools of the theory of multi-step games. The article describes the solution of a bilinear multistep game of quality with dependent motions within the framework of IOCC protection strategies. The results of the simulation experiment within the framework of the choice of financial strategies for cyber defense of IOCC are described. The developed intellectualized decision support system (IDSP) will allow the user to evaluate financial strategies when the investment directions in the information and cyber security information systems of the IOCC are aligned. Unlike existing models, a bilinear multistep game of quality in a class of pure strategies has been solved, and it makes it possible to assess the risks for players who accordingly represent the sides of defense and attack for IOCC. Various ratios of the parameters describing the financing process in the information protection and cyber security protection facilities of the IOCC were taken into account. In the course of the simulation experiment based on the results of the simulation experiment and the test results of the IDSP, a conclusion was made about the risks of loss of financial resources for players, respectively, by means of cyber defense and hacking the IOCC.

Author Biographies

Лазат Муктаровна Кидираліна, Kazakh National Pedagogical University named after Abay

doctoral, Kazakh National Pedagogical University named after Abay, Almaty, Kazakhstan

Бахитжан Сражатдіновіч Ахметов, Kazakh National Pedagogical University named after Abay

director of the Center for advanced studies and distance education, Kazakh National Pedagogical University named after Abay, Almaty, Kazakhstan

Валерій Анатолійович Лахно, European university

doctor of Engineering; professor, head of the department cyber security and managements of protection of information systems, European university, Kiev, Ukraine

References

Y. Rezgui, M. Adam, "Information security awareness in higher education: An exploratory study", Computers & Security, pp. 241-253, 2010.

N. Sultan, "Cloud computing for education: A new dawn?", International Journal of Information Management, pp. 109-116.

Б. Ахметов, В. Яворский, Моделирование информа-ционной образовательной среды вуза, КарГТУ, 2006, 251 c.

F. Schneider, "Cybersecurity education in universities", IEEE Security & Privacy 11.4, pp. 3-4, 2013.

A. Conklin, "Cyber defense competitions and information security education: An active learning solution for a capstone course", System Sciences, 2006. HICSS'06. Proceedings of the 39th Annual Hawaii International Conference on. Vol. 9. IEEE, 2006.

М. Schuett, M. Rahman, Information Security Synthesis in Online Universities, 2011.

N. Radziwill, M. Benton, Cybersecurity Cost of Quality: Managing the Costs of Cybersecurity Risk Management. [Electronic resource]. Online: https://arxiv.org/ftp/ arxiv/papers/1707/1707.02653.pdf, 2017.

V. Lakhno, Y. Boiko, A. Mishchenko, V. Kozlovskii, O. Pupchenko, "Development of the intelligent decision-making support system to manage cyber protection at the object of informatization", Eastern-European Journal of Enterprise Technologies, 2/9 (86), pp. 53-61, 2017.

S. Ramgovind, M. Eloff, E. Smith, "The management of security in cloud computing", In Information Security for South Africa (ISSA), pp. 1-7, 2010.

A. Sajid, H. Abbas, K. Saleem, "Cloud-assisted iot-based scada systems security:A review of the state of the art and future challenges", IEEE Access, 4, pp. 1375-1384, 2016.

V. Malyukov, "A differential game of quality for two groups of objects", Journal of Applied Mathematics and Mechanics, Vol. 55, No. 5, pp. 596-606, 1991.

I. Krass, V. Malyukov, "O sushhestvovanii optimal'-nyh smeshannyh strategij dlja nekotoryh antagoni-sticheskihigr", Optimizacija, pp. 135-146, 1978.

O. Petrov, B. Borowik, M. Karpinskyy, O. Korchenko, V. Lakhno, Immune and defensive corporate systems with intellectual iden-tification of threats, 2016, 222 p.

K. Goztepe, "Designing Fuzzy Rule Based Expert System for Cyber Security", International Journal of Information Security Science, Vol. 1, No 1, pp. 13-19, 2012.

V. Lakhno, "Development of a support system for managing the cyber security", Radio Electronics, Computer Science, Control, No. 2, pp. 109-116, 2017.

M. Manshaei, Q. Zhu, T. Alpcan, "Game theory meets network security and privacy", ACM Computing Surveys, Vol. 45, No. 3, pp. 1-39, 2013.

N. Ben–Asher, C. Gonzalez, "Effects of cyber security knowledge on attack detection", Computers in Human Behavior, Vol. 48, pp. 51-61, 2015.

J. Grossklags, N. Christin, J. Chuang, "Secure or insure?: a game-theoretic analysis of information security games", 17th international conference on World Wide Web, Beijing, China, 21 – 25 April 2008 : proceedings. New York, ACM, pp. 209-218, 2008.

H. Cavusoglu, B. Mishra, S. Raghunathan, "A model for evaluating IT security investments", Communications of the ACM, Vol. 47, No. 7, pp. 87-92, 2004.

A. Fielder, E. Panaousis, P. Malacaria, "Decision support approaches for cyber security investment", Decision Support Systems, Vol. 86, pp. 13-23, 2016.

P. Meland, I. Tondel , B. Solhaug, "Mitigating risk with cyberinsurance", IEEE Security & Privacy, No. 13(6), pp. 38-43, 2015.

A. Fielder, S. Konig, E. Panaousis, S. Schauer, S. Rass, Uncertaintyin Cyber Security Investments, arXiv preprint arXiv:1712.05893, 2017.

A. Fielder, E. Panaousis, P. Malacaria, "Game theory meets information security management" International Information Security Conference, Marrakech, Morroco, 2–4 June 2014 : proceedings, Berlin, Springer, pp. 15-29, 2014.

X. Gao, W. Zhong, S. Mei, "Game-theoretic analysis of information sharing and security investment for complementary firms", Journal of the Operational Research Society, Vol. 65, No. 11, pp. 1682-1691, 2014.

V. Malyukov, "Discrete-approximation method for solving a bilinear differential game", Cybernetics and Systems Analysis, Vol. 29, No. 6, pp. 879-888, 1993.

V. Lakhno, V. Malyukov, N.Gerasymchuk, "Development of the decision making support system to control a procedure of financial invest-ment", Eastern-European Journal of Enterprise Technologies, Vol. 6, No. 3, pp. 24-41, 2017.

F. Smeraldi, P. Malacaria, "How to spend it: optimal investment for cyber security", 1st International Workshop on Agents and CyberSecurity, Paris, France, 06–08 May 2014 : proceedings, New York, ACM, pp. 8, 2014.

B. Akhmetov, V. Lakhno, Y. Boiko, A. Mishchenko, "Designing a decision support system for the weakly formalized problems in the provision of cybersecurity", Eastern-European Journal of Enterprise Technologies, 1(2(85)), pp. 4-15, 2017.

M. Chronopoulos, E. Panaousis, J. Grossklags, An options approach to cybersecurity investment, IEEE Access, 2017.

S. Rass, S. König, S. Schauer, "Uncertainty in games: Using probability-distributions as payoffs", In International Conference on Decision and Game Theory for Security, pp. 346-357, 2015.

Y. Lee, R. Kauffman, R. Sougstad, "Profit-maximizing firm investments in customer information security", Decision support systems, 51(4), pp. 904-920, 2011.

T. Moore, S. Dynes, F. Chang, Identifying how firms manage cybersecurity investment. [Electronic resource]. Online: http://blog. smu. edu/research/ files/ 2015/ 10/SMU-IBM. pdf

V. Lahno, "Ensuring of information processes’ reliability and security in critical application data processing systems", MEST Journal, vol. 2, pp. 71-79, 2014.

Downloads

Published

2018-06-25

Issue

Vol. 20 No. 2 (2018)

Section

Articles

License

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).