Analysis of risks methodology in information systems
Main Article Content
Abstract
A method of risk analysis in information systems is being developed. The ways of ensuring the efficiency of control systems in the conditions of information confrontation with the use of the game theory apparatus are investigated. The desire to ensure high efficiency of modern management information systems, minimize financial costs, provide energy and information protection of the management system, highlights the creation of a system of analysis and risk management in information systems. It is assumed that the control system can implement the following behavioral strategies in a conflict situation: the control system does not change the algorithm, but changes the class of algorithms used to achieve the maximum value of the average quality by choosing the probability Pij for a given set of countermeasures, the control system changes the algorithm operation, the class of operating algorithms used to maximize the average quality of fixed countermeasures, the control system changes the operating algorithm and the class of operating algorithms used depending on the countermeasure strategy in order to achieve maximum quality. Using the apparatus of game theory, an analysis was performed and a method for estimating the average value of the quality of the communication system with different strategies of the conflicting parties was developed. The technique of estimation of average value of an indicator of quality of functioning of a control system is developed and expressions for an estimation of average value of an indicator at various strategies of behavior are received. It is shown that the solution to the problem of improving the quality of the control system is possible through the use of a mixed strategy of system behavior and the choice of structure and parameters of the control system that increase the partial quality of its operation.
Article Details
References
Найт Ф. Понятие риска и неопределенности. Теория и история экономических и социальных институтов и си-стем. 1994. № 5. С. 22-29.
Менеджмент качества [Электронный ресурс]. URL: http://www.kpms.ru/Automatization
Управление рисками на предприятии [Электронный ресурс]. URL: http://www.risk24.ru/
Активы организации как ключевые факторы риска [Электронный ресурс]. URL: https://www2.deloitte.com/content
Берлимер Б. Риски в современном бизнесе. М.: Аланс, 1994. 200 с.
Suroso, J. S, & Fakhrozi, M. A. (2018). Assessment of Information System Risk Management with Octave Allegro at Education Institution, 3rd Inte. Conf. on Computer Science and Computational Intelligence, 135, pp. 202-213.
Suroso, J. S., Rahadi, B. (2017). Development of IT Risk Management Framework Using COBIT 4.1, Implementation In IT Governance For Support Business Strategy. ACM International Conference Proceeding Series. Part F130654.
Мазов Н.А., Ревнивых А.В., Федотов А.М. Классификация рисков информационной безопасности. Вестник НГУ. Серия: Информационные технологии, 2011. Т. 9, вып/ 2. С. 80-89.
Datta, S. P. (2010). Risk Management Process for Information Security System. International Journal of Computer Sci-ence andCommunication, 1(1), 33-38.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber secu-rity risk assessment methods for SCADA systems. Computers & Security, 56, 1–27.
Покровский, П. Оценка информационных рисков. LAN. 2010. № 10. C/ 25-31/