Analyzing the acceptability of complex information security risks by analytical geometry methods
The requirement to protect state information resources is established by the law of Ukraine. Complex systems of information protection, or information security management systems, are built for this purpose. When developing such systems, it is necessary to determine the criteria for acceptable risk levels and to set their limit values. This task is assigned to the owner or manager of the information asset. Determining the limit values of risk levels allows a line to be drawn between acceptable and unacceptable risk. The presence of such limits makes it possible to take informed decisions about the necessary risk treatment and about attracting the necessary resources. Therefore, the main purpose of this work is to present an approach to analyzing the acceptability of complex information security risk levels using the mathematical tools of analytical geometry, together with the assumption of an analogy between the additive model of complex risk and the equation of a line. This line is plotted in the plane and defines the boundary between the predefined risk levels. As an example, the analogy between the equation of a line and the equation for finding the two risk values of threats to the security of an information asset for a given level of total risk is shown. The location of the "boundary line" is defined and proven, and various options for its intersection with other lines are considered. Depending on their relative position, it became possible to form approaches to defining and classifying recommendations for the officials who develop a complex information protection system or an information security management system. This made it possible to simplify and justify the determination of the quantitative characteristics of complex risks, and contributed to the formulation of further research in n-dimensional space using analytical-geometric models.
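The two-risk case described above, as an added illustration that is not code from the paper: the additive model r1 + r2 = R_limit is treated as a line in the (r1, r2) plane, a risk pair is classified by which side of that line it falls on, and the intersection of the boundary with another line (here the hypothetical constraint r1 = 2·r2) is computed, with parallel lines reported as having no intersection. The line coefficients, limit value and sample risk pairs are constructed for the example; the closing function shows the same additive test carried to n risk components.

```python
import math
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Line:
    """Line a*r1 + b*r2 = c in the (r1, r2) risk plane.

    The additive complex-risk model r1 + r2 = R_limit is the case a = b = 1, c = R_limit.
    """
    a: float
    b: float
    c: float

    @staticmethod
    def additive_boundary(r_limit: float) -> "Line":
        return Line(1.0, 1.0, r_limit)

    def evaluate(self, r1: float, r2: float) -> float:
        # Negative: below the boundary (total risk under the limit); zero: on it; positive: above.
        return self.a * r1 + self.b * r2 - self.c

    def signed_distance(self, r1: float, r2: float) -> float:
        # Euclidean distance to the boundary, signed like evaluate(); the margin to the limit.
        return self.evaluate(r1, r2) / math.hypot(self.a, self.b)

    def intersection(self, other: "Line") -> Optional[Tuple[float, float]]:
        # Cramer's rule; a zero determinant means parallel or coincident lines, so no single point.
        det = self.a * other.b - self.b * other.a
        if abs(det) < 1e-12:
            return None
        r1 = (self.c * other.b - self.b * other.c) / det
        r2 = (self.a * other.c - self.c * other.a) / det
        return (r1, r2)


def classify(boundary: Line, r1: float, r2: float, tol: float = 1e-9) -> str:
    """Side of the boundary line on which the risk pair (r1, r2) lies."""
    v = boundary.evaluate(r1, r2)
    if v < -tol:
        return "acceptable"
    if v > tol:
        return "unacceptable"
    return "boundary"


def classify_additive(risks: Sequence[float], r_limit: float, tol: float = 1e-9) -> str:
    """n-dimensional form: the boundary becomes the hyperplane sum(risks) = r_limit."""
    v = sum(risks) - r_limit
    return "acceptable" if v < -tol else ("unacceptable" if v > tol else "boundary")


if __name__ == "__main__":
    boundary = Line.additive_boundary(10.0)          # constructed limit: total risk must not exceed 10
    for pair in [(3.0, 4.0), (6.0, 4.0), (7.0, 5.0)]:  # constructed risk pairs
        print(pair, classify(boundary, *pair), round(boundary.signed_distance(*pair), 3))
    print("intersection with r1 = 2*r2:", boundary.intersection(Line(1.0, -2.0, 0.0)))
    print("parallel line:", boundary.intersection(Line(1.0, 1.0, 5.0)))
```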
ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)