Models of forecasting destructive influence risks for information processes in management systems
Keywords:
information systems, information security, destructive impacts, damage, damage prediction modelsAbstract
Introduction: One of the side effects of introducing modern information technologies in the management of economic, social,
organizational and technical systems is the stronger dependence of the management quality on intentional or accidental destructive
influences which violate the integrity, confidentiality and availability of the information used. This determines the relevance
of developing appropriate information security systems. The substantiation of the development of such systems requires solving
the problems of comparative assessment of the destructive impact risks and the cost of their prevention. Purpose: Predicting the
danger of a destructive impact on information processes in control systems. Method: The prediction is based on representing
the destructive effects in the form of a random sequence of events which lead to disruptions in the information processes. The
consequences of failures are also represented by certain random variables. Results: Methodical approaches are proposed in order
to build models for predicting temporal and volumetric characteristics of damage from destructive influences on information processes
in the management of economic, social, organizational and technical systems. In these models, we suggest to assess the
danger of destructive impacts by the probability of the onset of a destructive event at a certain time moment, and by the amount
of damage caused by it. The basis for the construction of prediction models is the presentation of damage indicators in the form
of step functions of time. The constructive representation of these functions is based on the conditional deterministic approach.
The completeness of a priori information usage in determining specific parameters of the damage functions is ensured by applying
the maximum uncertainty principle. The measure for the uncertainty is entropy. The conditional deterministic approach
for higher uncertainty levels was developed in a stochastic approach. On its basis, classes of stochastic models were proposed,
corresponding to various information situations. These models allow you to estimate not only the expected values of damage
indicators due to the failure in taking measures to ensure information security while managing targeted systems, but also their
probabilistic characteristics. Practical relevance: The proposed approaches are the basis for the creation of particular models and
techniques in the interests of well substantiated decisions on the formation of the structure of the organization and management
of information security subsystems.