Analyzing of eligibility of complex risks of information security by analytical geometry methods
Keywords:Information security risk, probability of threats, information security management system, complex information protection system, analytic geometry, line equation.
Requirement for the protection state information resources is determined by the law Ukraine. Complex systems of information protection or information security management system is rooted for this. It is necessary to determine eligibility of criteria risk levels and set their limit values during development of such systems. This task is assigned to the owner or manager of information asset. Determination of limit values of risk levels allows to draw the line between acceptable and unacceptable risk. Presence of such limits provides an opportunity to make informed decisions about necessary risks processing and attracting the necessary resources. Therefore, the main purpose is presenting the approach to analyzing the levels acceptability of complex information security risks using mathematical tools of analytical geometry and assumptions concerning the analogy between the additive model of complex risk with equation of line. This line is reflected in the area and defines the boundary, predefined risk levels. The analogy equation of the line with the equation of finding two risk values of threats to security informative asset for a given level of total risk shows as an example. The location of “boundary line” is defined and proven, also considered various options for its intersection with other direct. Depending on their relative position became possible the formation of approaches to the definition and classification of officials recommendations who are developing a complex information protection system or the system of information security management. It is allowed to simplify and justify determination of quantitative characteristics of complex risks and contributed to the formulation of further research in n-dimensional area by using the analytical and geometric models.
Verkhovna Rada of Ukraine. 5th Session. (1996, June 26). Constitution of Ukraine. [Online]. Available: http://zakon5.rada.gov.ua/laws/show/254% D0%BA/96-%D0%B2%D1%80. Accessed on: Nov. 19, 2015.
Verkhovna Rada of Ukraine. 1st Session. (1994, July. 05). Law of Ukraine “About information protection in telecommunication”. [Online]. Available: http://zakon5.rada.gov.ua/laws/show/ 80/94-%D0%B2%D1%80. Accessed on: Nov. 19, 2015.
Verkhovna Rada of Ukraine. 7th Session. (2001, Apr. 5). Criminal codex of Ukraine. [Online]. Available: http://zakon5.rada.gov.ua/laws/show/2341-14. Accessed on: Nov. 19, 2015.
International Organization for Standardization. 2009. ISO/IEC 31000, Risk management. Principles and guidelines. [Online]. Available: http://www.iso.org/iso/iso31000. Accessed on: Nov. 19, 2015.
International Organization for Standardization. 2011. ISO/IEC 27005, Information technology. Security techniques. Information security risk management. [Online]. Available: http://www.iso.org/iso/iso27005. Accessed on: Nov. 19, 2015.
International Organization for Standardization. 2009. ISO Guide 73, Risk management. Vocabulary. [Online]. Available: https://www.iso.org/obp/ui/#iso:std:iso:guide:73:ed-1:v1:en. Accessed on: Nov. 19, 2015.
V.S. Zarubin, A.N. Kanatnikov, and A.P. Krishchenko, Analytical geometry. Moskow, Russia: Bauman MSTU, 2000.
V. Mokhor et al., “Analytical geometry approach for information security risks analyses”, Information Technology and Security, vol. 3. iss. 1 (4), pp. 60-67, January-June 2015.
How to Cite
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).