Analysis of information-telecommunication network risk based on cognitive maps and cause-effect diagram


Viktor Kosenko
https://orcid.org/0000-0002-4905-8508
Olga Malyeyeva
https://orcid.org/0000-0002-9336-4182
Elena Persiyanova
https://orcid.org/0000-0003-3578-4653
Anton Rogovyi
https://orcid.org/0000-0002-8178-4585

Abstract

The subject matter of the article is the processes of analysis and risk assessment of information and telecommunications networks. The aim is to reduce the potential losses caused by risks to the functioning of an information and telecommunications network (ITN) by taking timely risk management measures. The objectives are: classification of ITN risks, highlighting the main factors and causes of their occurrence; formation of a systematic presentation of risks to identify their manifestation and consequences; development of a method for assessing the influence of the risk and private risk on probable consequences; obtaining a quantitative risk assessment of the ITN. The methods used are: system analysis of risks, the method of cognitive maps, and cause-and-effect analysis. The following results are obtained: the private risks of the ITN are classified according to the reasons for and the factors of their occurrence; the negative consequences affecting the basic characteristics of ITN operation are defined; as a result, a structural system model of ITN risks is formed, in which the relationships between the elements of the main aspects of risk are shown; a method based on the theory of causal analysis is suggested in order to quantify the impact of risk on ITN functioning. The risk model is based on the construction and analysis of probabilistic or fuzzy cognitive maps. Experts estimate the level of influence of private risks on the characteristics of the network in order to make decisions on risk management. The generalized structure of the cause-effect diagram of risk factors, manifestations and consequences is developed; on ITN basis, a method for quantifying the probability of risk consequences is suggested. A quantitative assessment is also made of the probable malfunctioning of the network that is determined by a specific effect (taking into account ITN probability) caused by private risks. Conclusion. The suggested approach to the quantitative assessment of ITN risk is based on the method of cause-and-effect analysis and makes it possible to take into account both the factors causing the risk and its probable consequences. The obtained results can be used to determine probable failures and losses in ITN functioning on the basis of information about the degree of the effects of risk factors, risk events and consequences, and the cause-effect relationships between them. Thus, potential losses can be identified and measures to manage the risks of ITN functioning can be taken.

Article Details

How to Cite
Kosenko, V., Malyeyeva, O., Persiyanova, E., & Rogovyi, A. (2017). Analysis of information-telecommunication network risk based on cognitive maps and cause-effect diagram. Advanced Information Systems, 1(1), 49–56. https://doi.org/10.20998/2522-9052.2017.1.09
Section
Methods of information systems protection
Author Biographies

Viktor Kosenko, SE "Kharkiv Scientific-Research Institute of Mechanical Engineering Technology", Kharkiv

Candidate of Technical Sciences, Associate Professor, Director of the Institute

Olga Malyeyeva, National Aerospace University – Kharkiv Aviation Institute, Kharkiv

Doctor of Technical Sciences, Professor, Professor of the Department of Information Computing Systems

Elena Persiyanova, SE "Southern National Design & Research Institute of Aerospace Industries", Kharkiv

Engineer

Anton Rogovyi, National Technical University "Kharkiv Polytechnic Institute", Kharkiv

Candidate of Technical Sciences, Associate Professor, Associate Professor of the Department of Strategic Management
