Models of forecasting destructive influence risks for information processes in management systems

Abstract

Introduction: One of the side effects of introducing modern information technologies in the management of economic, social, organizational and technical systems is the stronger dependence of the management quality on intentional or accidental destructive influences which violate the integrity, confidentiality and availability of the information used. This determines the relevance of developing appropriate information security systems. The substantiation of the development of such systems requires solving the problems of comparative assessment of the destructive impact risks and the cost of their prevention. Purpose: Predicting the danger of a destructive impact on information processes in control systems. Method: The prediction is based on representing the destructive effects in the form of a random sequence of events which lead to disruptions in the information processes. The consequences of failures are also represented by certain random variables. Results: Methodical approaches are proposed in order to build models for predicting temporal and volumetric characteristics of damage from destructive influences on information processes in the management of economic, social, organizational and technical systems. In these models, we suggest to assess the danger of destructive impacts by the probability of the onset of a destructive event at a certain time moment, and by the amount of damage caused by it. The basis for the construction of prediction models is the presentation of damage indicators in the form of step functions of time. The constructive representation of these functions is based on the conditional deterministic approach. The completeness of a priori information usage in determining specific parameters of the damage functions is ensured by applying the maximum uncertainty principle. The measure for the uncertainty is entropy. The conditional deterministic approach for higher uncertainty levels was developed in a stochastic approach. On its basis, classes of stochastic models were proposed, corresponding to various information situations. These models allow you to estimate not only the expected values of damage indicators due to the failure in taking measures to ensure information security while managing targeted systems, but also their probabilistic characteristics. Practical relevance: The proposed approaches are the basis for the creation of particular models and techniques in the interests of well substantiated decisions on the formation of the structure of the organization and management of information security subsystems.