Use of entropy approach for information security risks assessment

Volodymyr Mokhor, Vasyl Tsurkan, Yaroslav Dorohyi, Serhii Mykhailov, Oleksandr Bakalynskyi, Heorhii Krykhovetskyi, Ihor Bohdanov


Information security risk is considered as the influence of uncertainty on the achievement of goals, where achieving the goals means ensuring the confidentiality, integrity and availability of information. This influence is estimated by the elimination of entropy as a measure of uncertainty. The state of uncertainty is described by a finite scheme. To define it, the variety of information security threats and the losses resulting from their implementation are specified. The scheme takes into account that different threats can lead to the same losses and that some threats cause no losses when implemented. The distribution of the likelihood of damage resulting from the implementation of information security threats is assumed to be known. The correctness of this approach is confirmed by the implementation of the entropy characteristics. The entropy approach therefore provides an intuitively more correct basis for quantitative assessment of information security risk, because it operates on the form of the distribution of a random variable rather than on its specific values. The advantages and disadvantages of the entropy approach are established. To overcome the identified shortcomings, the use of fuzzy set theory and likelihood is proposed for the future.


Information security, information security risk, uncertainty, entropy, entropy approach.
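
An added illustration of the setup described in the abstract, not code from the paper: it assumes the finite scheme is the set of distinct loss outcomes with known probabilities and that uncertainty is measured by Shannon entropy in bits. The threat names, probabilities and loss figures are constructed sample values.

```python
import math
from collections import defaultdict

# Constructed sample scheme: (threat, probability of realization, resulting loss).
# The probabilities are assumed known and must sum to 1.
THREATS = [
    ("phishing", 0.30, 10_000),
    ("malware", 0.20, 10_000),      # a different threat leading to the same loss
    ("port scan", 0.40, 0),         # a threat whose realization causes no loss
    ("insider leak", 0.10, 50_000),
]

def loss_distribution(threats):
    """Collapse threats into a finite scheme over distinct loss outcomes."""
    dist = defaultdict(float)
    for name, p, loss in threats:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"invalid probability for {name}: {p}")
        dist[loss] += p             # threats with equal loss share one outcome
    if not math.isclose(sum(dist.values()), 1.0, abs_tol=1e-9):
        raise ValueError("probabilities of the scheme must sum to 1")
    return dict(dist)

def entropy(dist):
    """Shannon entropy in bits, with the convention 0 * log(0) = 0."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def normalized_entropy(dist):
    """Entropy divided by its maximum log2(n); 0 = certainty, 1 = uniform."""
    n = len(dist)
    return entropy(dist) / math.log2(n) if n > 1 else 0.0

def rescale_losses(threats, factor):
    """Multiply every loss value by factor, leaving probabilities unchanged."""
    return [(name, p, loss * factor) for name, p, loss in threats]

if __name__ == "__main__":
    base = loss_distribution(THREATS)
    scaled = loss_distribution(rescale_losses(THREATS, 10))
    print("loss outcomes:", base)
    print("entropy (bits):", round(entropy(base), 4))
    print("normalized:", round(normalized_entropy(base), 4))
    # Entropy depends on the form of the distribution, not on the loss values.
    print("entropy after x10 losses:", round(entropy(scaled), 4))
```
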



ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)