Threat ranging for determination of costs to ensure the security of the information protection system based on the theory of fuzzy relations
DOI:
https://doi.org/10.18372/2410-7840.22.14664
Keywords:
information security, security threats, fuzzy relation, transitive circuit
Abstract
To build an information protection system and keep it functioning effectively, it is necessary to analyze the possible threats by the level of their impact on the studied system and to determine the allowable costs of ensuring its security. In most cases this problem is solved using statistical analysis methods, which require consideration of a significant amount of information, involve complex calculations and take a long time to process. Therefore, the paper proposes ranking the threats to the information security system using the theory of fuzzy relations. The initial information about the system is given in the form of a fuzzy relation describing the impact of threats on non-compliance with the established criteria. Based on the defined ranks, the set of threats to the information protection system is divided into classes that do not intersect and are equivalent in weight. The division into classes is carried out using a transitive closure of the fuzzy similarity relation and makes it possible to build a clear plan for the protection of the information space, taking into account the degree of influence of each class of threats. A decomposition tree for the equivalence classes is also constructed, which clearly represents the number of classes and the list of threats belonging to each class at each level. To ensure the security of the information security system, it is proposed to distribute the eligible costs in proportion to the ranks of threats. This will promote the rational use of resources and tools to prevent, eliminate or reduce the impact of probable threats to the information security system, and provide a balance between the level of information risk and the eligible costs of information security measures.
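The partitioning and cost-distribution steps described in the abstract, as an added Python example that is not the paper's own code. It assumes max-min composition for the transitive closure; the similarity matrix, the rank scores and all function names are constructed for illustration, and the paper's procedure for deriving the ranks is not reproduced.

```python
# Added example: inputs below are constructed, not data from the paper.
def compose(a, b):
    """Max-min composition of two square fuzzy relations."""
    n = len(a)
    return [[max(min(a[i][k], b[k][j]) for k in range(n)) for j in range(n)]
            for i in range(n)]

def transitive_closure(r):
    """Union (element-wise max) of R, R∘R, ... until nothing changes."""
    cur = [row[:] for row in r]
    while True:
        step = compose(cur, cur)
        nxt = [[max(x, y) for x, y in zip(ra, rb)] for ra, rb in zip(cur, step)]
        if nxt == cur:
            return cur
        cur = nxt

def alpha_classes(closure, alpha):
    """Disjoint classes of the crisp relation closure[i][j] >= alpha."""
    classes, seen = [], set()
    for i in range(len(closure)):
        if i not in seen:
            cls = [j for j in range(len(closure)) if closure[i][j] >= alpha]
            seen.update(cls)
            classes.append(cls)
    return classes

def decomposition_tree(closure):
    """One partition per distinct membership level, coarsest first."""
    levels = sorted({v for row in closure for v in row})
    return {a: alpha_classes(closure, a) for a in levels}

def allocate(budget, ranks):
    """Split the allowable budget in proportion to threat ranks."""
    total = sum(ranks)
    return [budget * r / total for r in ranks]

# Constructed fuzzy similarity relation over four threats T1..T4
# (reflexive and symmetric, but not yet transitive).
SIMILARITY = [
    [1.0, 0.8, 0.4, 0.2],
    [0.8, 1.0, 0.6, 0.2],
    [0.4, 0.6, 1.0, 0.5],
    [0.2, 0.2, 0.5, 1.0],
]
RANKS = [4, 3, 2, 1]  # constructed rank scores, one per threat

if __name__ == "__main__":
    for alpha, classes in decomposition_tree(transitive_closure(SIMILARITY)).items():
        print(alpha, [[f"T{j + 1}" for j in c] for c in classes])
    print(allocate(1000, RANKS))
```

Each level of the returned tree refines the one before it, so raising the threshold only ever splits classes and never merges them.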
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).