Use of entropy approach for information security risks assessment

Authors

  • Volodymyr Mokhor, Pukhov institute for modeling in energy engineering of National academy of sciences of Ukraine, Kyiv, Ukraine
  • Vasyl Tsurkan, Institute of special communications and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, Ukraine, https://orcid.org/0000-0003-1352-042X
  • Yaroslav Dorohyi, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, Ukraine
  • Serhii Mykhailov, Institute of special communications and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, Ukraine
  • Oleksandr Bakalynskyi, Institute of special communications and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, Ukraine
  • Heorhii Krykhovetskyi, Institute of special communications and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, Ukraine
  • Ihor Bohdanov, “Starcom” “ССМ” Subsidiary Enterprise, Kyiv, Ukraine

DOI:

https://doi.org/10.20535/2411-1031.2016.4.2.110082

Keywords:

Information security, information security risk, uncertainty, entropy, entropy approach.

Abstract

Information security risk is considered as the influence of uncertainty on the achievement of goals, where the goals are to ensure the confidentiality, integrity and availability of information. This influence is estimated through the elimination of entropy as a measure of uncertainty. The state of uncertainty is described by a finite scheme. To define it, the set of information security threats and the losses resulting from their implementation is specified. This takes into account that different threats can lead to the same losses, and that some threats cause no losses when implemented. The distribution of the likelihood of damage resulting from the implementation of information security threats is assumed to be known. The correctness of this approach is confirmed by the implementation of the entropy characteristics. The entropy approach therefore allows an intuitively more correct basis for quantitative information security risk assessment to be constructed, because it operates on the form of the distribution of a random variable rather than on its specific values. The advantages and disadvantages of the entropy approach are established. To overcome the identified shortcomings, the use of fuzzy set theory and likelihood is proposed for future work.

Author Biographies

Volodymyr Mokhor, Pukhov institute for modeling in energy engineering of National academy of sciences of Ukraine, Kyiv

doctor of technical sciences, professor, director

Vasyl Tsurkan, Institute of special communications and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

candidate of technical sciences, associate professor at the cybersecurity and application of information systems and technologies academic department

Yaroslav Dorohyi, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

candidate of technical sciences, associate professor, doctoral student

Serhii Mykhailov, Institute of special communications and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

postgraduate student

Oleksandr Bakalynskyi, Institute of special communications and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

deputy head of management and tactical and special training academic department

Heorhii Krykhovetskyi, Institute of special communications and information protection, National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

candidate of technical sciences, senior researcher, chief of the scientific-organizational department

Ihor Bohdanov, “Starcom” “ССМ” Subsidiary Enterprise, Kyiv

junior

Published

2016-12-31

How to Cite

Mokhor, V., Tsurkan, V., Dorohyi, Y., Mykhailov, S., Bakalynskyi, O., Krykhovetskyi, H., & Bohdanov, I. (2016). Use of entropy approach for information security risks assessment. Collection "Information Technology and Security", 4(2), 255–261. https://doi.org/10.20535/2411-1031.2016.4.2.110082

Section

INFORMATION SECURITY RISK MANAGEMENT