Using of the Q-analysis for the determining protection of the information system
DOI: https://doi.org/10.18372/2410-7840.20.12805
Keywords: Q-analysis, information leakage scenarios, information security culture, information threats, level of information security culture
Abstract
The article proposes applying methods of structural analysis of systems to study the functioning and definition of the information security system, with a focus on the most common variants of information leakage scenarios and on the features of the information security culture. Verizon annually divides information leakage incidents into nine scenarios, which became the basis for the sets of security features and threats used in this analysis. The human factor is also a great danger: it is not always associated with deficiencies or imperfections of security measures, but it is always linked to non-compliance with security policy requirements. The human factor is attracting increasing attention in the information security field because it has a significant impact on information security as a whole and, separately, on its insider component. Organizations suffer from accidental or deliberate employee errors despite the availability of security policies and the necessary technologies. Using Q-analysis, the basic principles of constructing a communications model for providing information security in an information system are presented on the example of two sets, a set of threats and a set of security measures, and the numerical values of the eccentricities are calculated. The mathematical apparatus of Q-analysis makes it possible to study the topological, informational and functional properties of information security protection in information security. Studying the structural connectivity of the system makes it possible to carry out a formal assessment of its level of functionality, which determines its ability to absorb external adverse factors at the expense of internal resources. The systemic nature allowed us to conclude that the elements of the two sets of information security protection in the information system are interconnected and form the basis of the system for ensuring their safety.
These calculations can be used to further determine the overall formal assessment of the security of the organization, and the construction of the information security system in an information system should be based on the results of this analysis.
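As an added illustration (not code or data from the article), the sketch below applies Q-analysis to a constructed incidence relation between security measures and the threat scenarios they cover, computing each measure's eccentricity and the structure vector of the complex. The measure and threat names are assumptions, as is the use of the standard Atkin eccentricity formula (q_top - q_bottom) / (q_bottom + 1); the article's own sets and values are not given on this page.

```python
import math

# Constructed incidence: the threat scenarios (vertices) that each security
# measure (simplex) addresses. Names are illustrative, not from the article.
MEASURES = {
    "access_control": {"insider_misuse", "web_app_attack", "pos_intrusion"},
    "awareness_training": {"insider_misuse", "misc_errors", "physical_theft"},
    "patching": {"web_app_attack", "pos_intrusion", "crimeware"},
    "disk_encryption": {"physical_theft"},
    "ddos_scrubbing": {"dos_attack"},
}

def dimension(simplex):
    """A simplex with n vertices has dimension q = n - 1."""
    return len(simplex) - 1

def shared_face(a, b):
    """Dimension of the face two simplices share (-1 means disjoint)."""
    return len(a & b) - 1

def eccentricity(name, complex_):
    """Atkin eccentricity (q_top - q_bottom) / (q_bottom + 1)."""
    q_top = dimension(complex_[name])
    q_bottom = max(shared_face(complex_[name], other)
                   for n, other in complex_.items() if n != name)
    if q_bottom < 0:
        return math.inf  # isolated: shares no threat with any other measure
    return (q_top - q_bottom) / (q_bottom + 1)

def structure_vector(complex_):
    """Number of q-connected components for q = q_max .. 0."""
    names = list(complex_)
    q_max = max(dimension(s) for s in complex_.values())
    vector = []
    for q in range(q_max, -1, -1):
        live = [n for n in names if dimension(complex_[n]) >= q]
        parent = {n: n for n in live}  # union-find over simplices alive at q
        def find(n):
            while parent[n] != n:
                n = parent[n]
            return n
        for i, a in enumerate(live):
            for b in live[i + 1:]:
                if shared_face(complex_[a], complex_[b]) >= q:
                    parent[find(a)] = find(b)
        vector.append(len({find(n) for n in live}))
    return vector
```

In this model a measure with infinite eccentricity covers threats that no other measure touches, while an eccentricity of 0 means its coverage is entirely contained in another measure's coverage.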
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).