Use of entropy approach for information security risks assessment
DOI:
https://doi.org/10.20535/2411-1031.2016.4.2.110082
Keywords:
Information security, information security risk, uncertainty, entropy, entropy approach.
Abstract
Information security risk is considered as the effect of uncertainty on the achievement of goals. Here, achieving the goals means ensuring the confidentiality, integrity and availability of information. This effect is estimated by the elimination of entropy as a measure of uncertainty. The state of uncertainty is described by a finite scheme. To define it, the set of information security threats and the losses resulting from their implementation is specified. This takes into account the existence of different threats that lead to the same losses, and of threats whose implementation causes no losses. At the same time, the distribution of the likelihood of damage resulting from the implementation of information security threats is considered known. The correctness of this approach is confirmed by the implementation of the entropy characteristics. Therefore, the use of an entropy approach makes it possible to construct an intuitively more correct basis for quantitative assessment of information security risk. This is because the approach operates on the form of the distribution of a random variable rather than on its specific values. The advantages and disadvantages of the entropy approach are established. The use of fuzzy set theory and likelihood is proposed as a future way to overcome the identified shortcomings.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors published in this collection agree to the following terms:
- The authors retain the right to authorship of their work and grant the collection the right of first publication of the work, which is licensed under the Creative Commons Attribution License, allowing others to freely distribute the published work with obligatory reference to the authors of the original work and to the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this anthology (for example, to place the work in an institutional digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The policy of the journal allows and encourages authors to place the manuscript of the work on the Internet (for example, in repositories or on personal websites), both prior to submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).