Estimation of financial costs for building of information protection system
DOI:
https://doi.org/10.18372/2410-7840.20.13424Keywords:
technical information protection complex, probability of protection breaking, risks of losses from invested funding in defense, risks of total financial losses, protection effectiveness, single-level protection, multi-level protectionAbstract
In this paper, an attempt has been made to develop a methodology for estimating the financial costs of building a complex of technical information protection (CTIP) using known parameters. Such parameters can be: the likelihood of hacking protection, depending on the amount of funding invested in protection and possible financial losses without protection; risks of losses from invested funding in defense; risks of total financial losses and the effectiveness of the constructed protection. All CTEI assessments were conducted for the maximum values of the likelihood of hacking and the maximum risk of loss. In this paper, specific expressions are obtained for assessing the effectiveness of information protection, optimizing the risks of financial losses in the design, certification and evaluation of the working condition depending on financial investments in information protection and the risks of their losses. A theoretical definition of the effectiveness of protection through the risks of invested funding in defense and the risks of total financial losses are proposed. Coefficient the effectiveness of the protection of a single or single-tier protection will vary from zero (in the absence of funding for protection) to unity (with infinite funding for the construction of protection). The obtained expressions at the design stage will allow you to compare with each other and evaluate the chosen KTPDI before the process of its implementation. Experimental research data on the differences between the practical and theoretical parameters of the effectiveness of protection will allow to investigate and select the most optimal and effective protection. Expressions are given that make it possible to determine the actual effectiveness of security based on the experimental probability of hacking. Theoretically confirmed higher reliability of multi-level protection compared with single-level. It is shown that with the same financial costs for single-level and multi-level protection, the likelihood of hacking protection and risks financial loss of multi-level protection is much lower. Consequently, with the help of a multi-level protection system, you can create the required level of protection with lower financial costs. Thus, this work can be useful for assessing the effectiveness of information protection, optimizing the risks of financial losses in the design, certification and assessment of the working condition.References
Б. Журиленко, Н. Николаева, Н. Пелих, "Оптимальные финансовые затраты и основные критерии построения или модернизации комплекса технической защиты информации", Правове, нормативне та метрологічне забезпечення системи захисту інформації в Україні, Київ, КПІ НДЦ «Тезіс», Випуск 1 (22), С. 33-43, 2011.
В. Колемаев, Математическая экономика: учебник для вузов Колемаев В.А. М.: ЮНИТИ-ДАНА, 2002. 399 с.
А. Шапкин, Экономические и финансовые риски. Оценка, управление, портфель инвестиций, М.: Издательско-торговая корпорация «Данков и Ко», 2003. 544 с.
В. Кравченко, Є. Левченко, "Використання теорії нечітких множин для визначення втрат на захист інформації", Захист інформації, №1, С. 85-90, 2011.
В. Домарев, Безопасность информационных технологий. Системный подход, К.:ООО «ТИД «ДС», 2004. 992 с.
І. Сахарцева, О. Шляга, Ризики економічної діагностики підприємства, МОН. К.: Кондор, 2008, 380 с.
Андре Анго Математика для электро- и радиоинженеров, М.: Из-во «Наука», 1964, 772 с.
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).