1. Model for assessing the effectiveness of information security systems
- Author
-
Evgenii S. Mityakov, Svetlana V. Artemova, Anatoly A. Bakaev, Alexander V. Dushkin, and Zhanna G. Vegera
- Subjects
information security, effectiveness evaluation, information protection systems, threat assessment, protection measures assessment, functional resilience, multiparametric model, cyber threats. ,Information technology ,T58.5-58.64 ,Information theory ,Q350-390 - Abstract
The research problem lies in the absence of a comprehensive model for evaluating the effectiveness of information security systems, capable of taking into account both technical security aspects and subjective factors, such as user trust. Furthermore, current methods often either focus on isolated aspects or lack sufficient adaptability to the unique needs and risks of companies. The article aims to develop a multi-parametric model for evaluating the effectiveness of information security systems. The study examines existing approaches to evaluating the effectiveness of information security systems, such as methods based on fuzzy logic, system analysis, and goal-achievement methodology. A multi-parametric model is proposed, incorporating four key metrics: threat assessment (summarizes the influence of each threat, providing a comprehensive understanding of organizational risks), defense effectiveness assessment (quantifies how effectively security measures are implemented within the organization), functional resilience assessment (quantifies the system's resilience to incidents and technical failures), and integrated security assessment (combines all three previous metrics into a single index reflecting the overall level of information system protection). The proposed model allows for the consideration of various aspects of information security and their adaptation to the specific characteristics of the organization. The model emphasizes the significance of the trust coefficient in information security systems, reflecting the balance between objective technological characteristics and subjective user perception. Examples are given of the model metrics' dependence on parameters such as incident frequency and downtime, allowing for an assessment of the proposed model's effectiveness. The developed model provides a more detailed and organization-specific approach to evaluating the effectiveness of information security systems.
- Published
- 2024
- Full Text
- View/download PDF