Analyzing of eligibility of complex risks of information security by analytical geometry methods

Authors

  • Volodymyr Mokhor Pukhov institute for modeling in energy engineering of National academy of sciences of Ukraine, Kyiv,
  • Oleksandr Bakalynskyi State institution “Institute of special communications and information protection National technical university of Ukraine “Kyiv polytechnic institute”, Kyiv,
  • Oleksandr Bohdanov State institution “Institute of special communications and information protection National technical university of Ukraine “Kyiv polytechnic institute”, Kyiv,
  • Vasyl Tsurkan State institution “Institute of special communications and information protection National technical university of Ukraine “Kyiv polytechnic institute”, Kyiv,

DOI:

https://doi.org/10.20535/2411-1031.2016.4.1.96086

Keywords:

Information security risk, probability of threats, information security management system, complex information protection system, analytic geometry, line equation.

Abstract

Requirement for the protection state information resources is determined by the law Ukraine. Complex systems of information protection or information security management system is rooted for this. It is necessary to determine eligibility of criteria risk levels and set their limit values during development of such systems. This task is assigned to the owner or manager of information asset. Determination of limit values of risk levels allows to draw the line between acceptable and unacceptable risk. Presence of such limits provides an opportunity to make informed decisions about necessary risks processing and attracting the necessary resources. Therefore, the main purpose is presenting the approach to analyzing the levels acceptability of complex information security risks using mathematical tools of analytical geometry and assumptions concerning the analogy between the additive model of complex risk with equation of line. This line is reflected in the area and defines the boundary, predefined risk levels. The analogy equation of the line with the equation of finding two risk values of threats to security informative asset for a given level of total risk shows as an example. The location of “boundary line” is defined and proven, also considered various options for its intersection with other direct. Depending on their relative position became possible the formation of approaches to the definition and classification of officials recommendations who are developing a complex information protection system or the system of information security management. It is allowed to simplify and justify determination of quantitative characteristics of complex risks and contributed to the formulation of further research in n-dimensional area by using the analytical and geometric models.

Author Biographies

Volodymyr Mokhor, Pukhov institute for modeling in energy engineering of National academy of sciences of Ukraine, Kyiv,

doctor of technical sciences, professor,
director

Oleksandr Bakalynskyi, State institution “Institute of special communications and information protection National technical university of Ukraine “Kyiv polytechnic institute”, Kyiv,

deputy head of management 
and tactical and special training 
academic department

Oleksandr Bohdanov, State institution “Institute of special communications and information protection National technical university of Ukraine “Kyiv polytechnic institute”, Kyiv,

doctor of technical sciences, professor,
head of management and tactical and
special training academic department

Vasyl Tsurkan, State institution “Institute of special communications and information protection National technical university of Ukraine “Kyiv polytechnic institute”, Kyiv,

candidate of technical sciences, associate professor
at the cybersecurity and application of information
systems and technologies academic department

References

Verkhovna Rada of Ukraine. 5th Session. (1996, June 26). Constitution of Ukraine. [Online]. Available: http://zakon5.rada.gov.ua/laws/show/254% D0%BA/96-%D0%B2%D1%80. Accessed on: Nov. 19, 2015.

Verkhovna Rada of Ukraine. 1st Session. (1994, July. 05). Law of Ukraine “About information protection in telecommunication”. [Online]. Available: http://zakon5.rada.gov.ua/laws/show/ 80/94-%D0%B2%D1%80. Accessed on: Nov. 19, 2015.

Verkhovna Rada of Ukraine. 7th Session. (2001, Apr. 5). Criminal codex of Ukraine. [Online]. Available: http://zakon5.rada.gov.ua/laws/show/2341-14. Accessed on: Nov. 19, 2015.

International Organization for Standardization. 2009. ISO/IEC 31000, Risk management. Principles and guidelines. [Online]. Available: http://www.iso.org/iso/iso31000. Accessed on: Nov. 19, 2015.

International Organization for Standardization. 2011. ISO/IEC 27005, Information technology. Security techniques. Information security risk management. [Online]. Available: http://www.iso.org/iso/iso27005. Accessed on: Nov. 19, 2015.

International Organization for Standardization. 2009. ISO Guide 73, Risk management. Vocabulary. [Online]. Available: https://www.iso.org/obp/ui/#iso:std:iso:guide:73:ed-1:v1:en. Accessed on: Nov. 19, 2015.

V.S. Zarubin, A.N. Kanatnikov, and A.P. Krishchenko, Analytical geometry. Moskow, Russia: Bauman MSTU, 2000.

V. Mokhor et al., “Analytical geometry approach for information security risks analyses”, Information Technology and Security, vol. 3. iss. 1 (4), pp. 60-67, January-June 2015.

Published

2016-06-30

How to Cite

Mokhor, V., Bakalynskyi, O., Bohdanov, O., & Tsurkan, V. (2016). Analyzing of eligibility of complex risks of information security by analytical geometry methods. Information Technology and Security, 4(1), 100–107. https://doi.org/10.20535/2411-1031.2016.4.1.96086

Issue

Section

INFORMATION SECURITY RISK MANAGEMENT