A multicriterial analysis of the efficiency of conservative information security systems
Journal Title: Восточно-Европейский журнал передовых технологий - Year 2019, Vol 3, Issue 9
Abstract
<p class="AnotEEJ">The paper addresses the task on a multicriterial analysis of the effectiveness of conservative information security systems whose structure and components do not change over a certain period of time. The principal scheme of such systems includes a protected object, vulnerabilities ‒ channels for attacks, threats, and protection tools.</p><p class="AnotEEJ">Based on the assumption about the independence of attacks and protection tools, we have developed a discrete probabilistic model of damage to a protected object. For a random variable of the amount of damage over a fixed period of time, we have derived a representation in the form of a sum of binomially-distributed random variables, dependent on the parameters for attacks and protection. We have described in a similar manner the random variables for economic losses, recovery time, as well as recovery costs, for which mathematical expectations and variances have been obtained in the analytical form. To ensure the high statistical confidence, it has been proposed to determine the risk indicators using a Cantelli’s inequality. On this basis, we have defined performance indicators for a protection system, which characterize the probability of protected object’s safety, residual losses, conditionally saved costs, survivability, and the cost of recovery.</p><p class="AnotEEJ">By using a Pareto optimality theory, we have devised a procedure for multi-criteria analysis and rational design of conservative systems of information protection. Verification has been carried out for the audio information protection systems. A Pareto frontier has been investigated according to the criteria of economic benefit and investment costs for 66 variants of protection. We have examined the influence of protection level on the Cantelli’s measure for conditional savings, as well as the contribution of various types of protection devices to it.</p><p class="AnotEEJ">The research results have confirmed the saturation law by Gordon-Loeb for the case when over-protection does not improve the effectiveness of protection systems.</p>
Authors and Affiliations
Valeriy Dudykevych, Ivan Prokopyshyn, Vasyl Chekurin, Yuriy Lakh, Taras Kret, Yevheniia Ivanchenko, Ihor Ivanchenko
Keywords
Related Articles
- EP ID EP666458
- DOI 10.15587/1729-4061.2019.166349
- Views 64
- Downloads 0
Effect of step heat treatment modes on the physical-mechanical properties of concrete
<p class="a"><span lang="EN-US">Heat treatment of waterproof heavy concrete samples using heated air in step modes is carried out. It is indicated that these experiments are an integral part of the research of the method...
Design of a set of nonlinear control systems of the arc PVD ionplasma installation
<p class="a">Control systems over the set of technological processes of the installation for ion-plasma application of coatings on metal cutting tools are developed. The purpose of the development is the need to improve...
Theoretical and applied aspects of using a thermal pump effect in gas pipeline systems
<p class="a">Based on the classical method for calculating parameters of gas pipelines using electrohydraulic analogy, a mathematical model of the object, the process of gas transmission in an industrial pipeline, has be...
Development of the method to operatively control quality of iron ore raw materials at open and underground extraction
<p>The main task of the mining industry is to improve the efficiency of extraction and processing of iron ore. One of the main factors contributing to solving the task is determining the content of iron in the ore body a...
A solution for synchronous incremental maintenance of materialized views based on SQL recursive query
Materialized views are excessively stored query execution results in the database. They can be used to partially or completely answer queries which will be further appeared instead of re-executing query from the scratch....