Quantitative assessment of the probability of protective system functioning without unlawful actions

Authors

DOI:

https://doi.org/10.20535/2411-1031.2024.12.2.315745

Keywords:

security levels, unauthorized access to information, parameters, probability, model, dependency, graphical interpretation

Abstract

Information security, also known as InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, or destruction of information. Its primary goal is balanced protection of data confidentiality, integrity, and availability that takes into account the expediency of the measures applied and does not harm the organization's productivity. In this paper, the security levels (threats) T of the k-th threat to the properties of information circulating in the information and telecommunications system (ITS) are obtained from the parameters: c – the assessment of the impact of the k-th threat on the confidentiality of information, and i, a and s – the assessments of the impact of the k-th threat on the integrity, availability, and observability of information, respectively. The weight coefficient p determines the share of occurrences of this threat relative to the entire set of threats and can be calculated from an analysis of ITS operation statistics or with known forecasting methods. The probability of no unauthorized access to information during the operation of the protection system has been quantitatively assessed. The assessment is based on the parameters: a – the intensity with which the protection system suppresses attempts to illegally access information, b – the intensity of such attempts at the input to the protection system, and t – the number of days of the system's operation. The dependencies are interpreted graphically using plots obtained by modeling in MATLAB.
The graphical materials clearly show that a state in which the protection system operates without unauthorized actions can be reached, depending on the influence of threats to the confidentiality, integrity, and availability of information, and show how unauthorized access to information depends on the intensity with which the protection system suppresses attempts to illegally access information and on the intensity of such attempts at the input to the protection system. Unlike analogues, this allows developers of information systems and service personnel to obtain quantitative indicators of the probability of no unauthorized access to information and to make decisions regarding possible vulnerabilities.

Author Biographies

Volodymyr Akhramovych, State University of Information and Communication Technologies

Doctor of Technical Sciences, Professor, professor at the academic department of information and cyber defense systems

Vadym Akhramovych, National Academy of Statistics, Accounting and Auditing, Kyiv

head of the computing center

Published

2024-12-26

How to Cite

Akhramovych, V., & Akhramovych, V. (2024). Quantitative assessment of the probability of protective system functioning without unlawful actions. Collection "Information Technology and Security", 12(2), 257–267. https://doi.org/10.20535/2411-1031.2024.12.2.315745

Issue

Section

CYBERSECURITY AND CRITICAL INFRASTRUCTURE PROTECTION