TY - JOUR AU - Mokhor, Volodymyr AU - Bakalynskyi, Oleksandr AU - Bohdanov, Oleksandr AU - Tsurkan, Vasyl PY - 2016/06/30 Y2 - 2024/03/29 TI - Analyzing of eligibility of complex risks of information security by analytical geometry methods JF - Collection "Information Technology and Security" JA - ITS VL - 4 IS - 1 SE - INFORMATION SECURITY RISK MANAGEMENT DO - 10.20535/2411-1031.2016.4.1.96086 UR - https://its.iszzi.kpi.ua/article/view/96086 SP - 100-107 AB - <p align="justify">Requirement for the protection state information resources is determined by the law Ukraine. Complex systems of information protection or information security management system is rooted for this. It is necessary to determine eligibility of criteria risk levels and set their limit values during development of such systems. This task is assigned to the owner or manager of information asset. Determination of limit values of risk levels allows to draw the line between acceptable and unacceptable risk. Presence of such limits provides an opportunity to make informed decisions about necessary risks processing and attracting the necessary resources. Therefore, the main purpose is presenting the approach to analyzing the levels acceptability of complex information security risks using mathematical tools of analytical geometry and assumptions concerning the analogy between the additive model of complex risk with equation of line. This line is reflected in the area and defines the boundary, predefined risk levels. The analogy equation of the line with the equation of finding two risk values of threats to security informative asset for a given level of total risk shows as an example. The location of “boundary line” is defined and proven, also considered various options for its intersection with other direct. Depending on their relative position became possible the formation of approaches to the definition and classification of officials recommendations who are developing a complex information protection system or the system of information security management. It is allowed to simplify and justify determination of quantitative characteristics of complex risks and contributed to the formulation of further research in <em>n</em>-dimensional area by using the analytical and geometric models.</p> ER -