ALGORITHM OF INFORMATION SECURITY RISK ASSESSMENT BASED ON FUZZY-MULTIPLE APPROACH

Serhii Yevseiev
https://orcid.org/0000-0003-1647-6444
Oleksandr Shmatko
https://orcid.org/0000-0002-3339-1402
Nataliia Romashchenko
https://orcid.org/0000-0002-4500-4481

Abstract

The subject of the study is the process of assessing the level of information security risk using the apparatus of fuzzy logic. The purpose of this work is to develop a methodology for assessing the degree of information security risk that avoids the uncertainty factor, which arises when some information about the analyzed automated information system is absent. The methodology is based on fuzzy logic and fuzzy sets and involves introducing term sets for each of the system characteristics and a linguistic assessment of the indicators. The task to be solved is to analyze existing information security risk assessment methodologies in order to identify their strengths and weaknesses. On the basis of this analysis, a new method for assessing the information security risk of automated information systems is proposed. The following results were obtained: the advantages and disadvantages of qualitative and quantitative methodologies for assessing the degree of information security risk of automated systems were identified; the main stages of the proposed methodology were described; the degree of information security risk was calculated in comparison with the FAIR methodology. Conclusion: the methodology presented in the article makes it possible to translate the results of risk assessment from mathematical language into a linguistic form that is more comprehensible to the decision-maker. This increases the effectiveness of managing the protection mechanisms of automated information systems.

Article Details

How to Cite
Yevseiev, S., Shmatko, O., & Romashchenko, N. (2019). ALGORITHM OF INFORMATION SECURITY RISK ASSESSMENT BASED ON FUZZY-MULTIPLE APPROACH. Advanced Information Systems, 3(2), 73–79. https://doi.org/10.20998/2522-9052.2019.2.13
Section
Methods of information systems protection
Author Biographies

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics, Kharkiv

Doctor of Technical Sciences, Senior Research, Associate Professor, Head of the Department of Cybersecurity and Information Technologies

Oleksandr Shmatko, National Technical University "KhPI", Kharkiv

Candidate of Technical Sciences, Associate Professor, Associate Professor of the Department of Software Engineering and Information Technology Management

Nataliia Romashchenko, National Technical University "KhPI", Kharkiv

Student of the Department of Software Engineering and Information Technology Management
