METHODOLOGY FOR ASSESSING THE INTEGRAL POTENTIAL DAMAGE TO INFORMATION SECURITY Текст научной статьи по специальности «Компьютерные и информационные науки»

UDC 004

Glushchenko V.M., Pronkin N.N. Methodology for assessing the integral potential damage to information security

Методология оценки интегрального потенциального ущерба информационной

безопасности

Glushchenko V.M.,

doctor of Economics, Professor, honorary worker of higher professional education of the Russian Federation -Moscow city University of management of the government of Moscow.

Pronkin N.N.,

PhD, associate Professor - Sechenov First Moscow state medical University of the Ministry of

health of the Russian Federation (Sechenov University).

Глущенко В.М.,

д.э.н., д.в.н., профессор, почетный работник высшего профессионального образования Российской Федерации - Московский городской университет управления

Правительства Москвы.

Пронькин Н.Н.,

к.э.н, доцент - ФГАОУ ВО Первый Московский государственный медицинский университет имени И.М. Сеченова Министерства здравоохранения Российской

Федерации (Сеченовский Университет).

Abstract. The article considers the methodology for assessing the integral potential damage to information security on the basis of system analysis.

Keywords: Moscow megapolis, information security.

DOI 10.54092/25421085 _2021_8_24

Рецензент: Бессарабов Владислав Олегович - Кандидат экономических наук. ГО ВПО «ДонНУЭТ имени Михаила Туган-Барановского»

The size of the integral potential and prevented damage to information security is determined by the destabilizing factors on the level of damage in the political, economic, environmental and information areas of the life of the metropolis.

Let S" = {S4, ..., SV ..., S"g}, =1 G), where:

S" - integral damage;

G is the number of destabilizing factors per damage level.

The categories of damages included in the lists of their significance are the primary semantic (semantic) information that reflects data on specific damages and the possibilities of a megapolis to prevent them.

The characteristic of the significance of potential and prevented damage is an ordered set of values of the linguistic variable "importance rank" = {first level (1), second level (2), third level (3), fourth level (4), fifth level (5)}.

Let's denote this set of levels by a = { a1, ..., ak, ..., aK} =.

Let S = {S1, ..., Si, ..., Si} be the set of estimated damages,

where:

i is the number of estimated damage;

I is the number of estimated damages.

At the same time, there is a need to solve the problem of determining the degree of importance (danger) of damages and, accordingly, the possible amount of integral damage to the information security of a megalopolis from their combined impact.

For information about a specific damage, the amount of damage and the degree of importance (danger) of damage are a function of time. We denote the function of the importance (danger) of damage to the i-th area of information security of a megalopolis in the socio-economic sphere, which is understood as the value of the relative potential (prevented) damage to information security of a megalopolis when it spreads for different time points, as

a (T).

Any degree of importance (danger) of damage and the subsequent implementation of measures to ensure the prevented damage require costs to ensure them. On the other hand, premature disclosure of the significance of the damage information security metropolis in the socio-economic sphere Si can lead to the manifestation of one or more information threats Yi of the many possible:

Y={Yi, ...,Yu, ...,Yu},

where: u = 1U;

U - the number of possible data threats, implementation of which information security metropolis damage.

The magnitude of the relative damage to the information security of a megalopolis is determined by a certain rating - n.

When calculating the amount of relative damage, it is necessary to obtain estimates of several contradictory indicators:

• the amount of direct damage that can be caused to the information security of a megalopolis as a result of the implementation of potential information threats;

• the probability of causing this damage;

• the probability of carrying out measures that ensure the prevented damage by existing methods and means;

• the costs that are required for carrying out measures to ensure the prevented damage;

• l osses resulting from the implementation of measures to ensure the prevented damage.

The magnitude of the possible damage and, accordingly, the required level of the potential of the measures taken to ensure the prevented damage depends on the scheme of their distribution.

We denote by L = (Li, ..., Lq, ..., Lq) - the set of possible schemes for the distribution of events, and by Li - the subset of schemes for the limited distribution of the i-th event.

These factors allow us to construct a certain criterion M, including the amount of possible damage to the information security of a megalopolis, guided by which it is possible to establish the rational degree of carrying out measures that ensure the prevented damage Si at various points in the time of its use, i.e. to determine the rational function of measures ai*(T).

In cases where the scheme of limited distribution of the i-th event Li (T) is given, the solution ai*(T) will be conditionally optimal. In the case when a rational scheme for the distribution of the i-th event Li*(T) is chosen simultaneously with ai*(T), we get the "best" solution of ai*(T) for all possible schemes. Therefore, simultaneously with the definition of the function of measures ai*(T) of information Si by the amount of possible damage ri (Yi, Li), a rational scheme Li*(T) of its distribution is chosen, for which the implementation of measures

should be ensured at the required level (maintaining the required level of prevented damage) and at the same time the benefit from its use is not lost.

In general, the task of establishing the rational degree of measures that ensure the prevented damage to the vital activity of the metropolis can be interpreted as follows.

Based on the available initial data (Si, Sn, Y, L, T, a) according to the criterion M, which includes an assessment of possible damage to the information security of a megalopolis from the spread of information threats, it is necessary to find a rational function of measures ai*(T) and at the same time a scheme for their distribution Li*(T), if it is not fixed.

A direct search of all possible functions of measures and the search for a rational one is practically impossible due to the large number of assessments that must be carried out. Therefore, the problem under consideration is solved in stages:

• at the beginning (at time Tn) is determined by the possible damages ri(Yi, Li) and the importance of a(Tn) events, providing prevented damage Si;

• then, on many schemes of distribution of Li(T) is a rational scheme Li*(T);

• for the sound scheme Li*(T) or a fixed scheme, Liq(T) is determined by the function of the implementation of ai* (T).

To solve this problem on a set of ratings rg(Tn) of avoided damages Sn and included in the list (where Tn is the time of the emergence of information threats, and R is the scale of the damages or the value of the threat of information representing a fuzzy set Rk specified by a pair (R, mk(Tn)):

mk(TH) : R ^ a;

where

mk(Tn) - display of the grid on R are linearly ordered set of linguistic values of the variable "degree of importance" (the set a).

The value of the significance function ai*(T) for time points Tj > Th and the damage values comparable to it are determined by the maximum of the function of belonging of the rating ri(Tj) of the i-th damage to the corresponding subsets of the scale of importance (danger)

mi {Tn > Th ) = max mkl {Tj)

K}

Since the period of effective implementation of measures depends on the properties of its distribution schemes, at the same time as determining ai*(T) by the indicator of the effectiveness of the relevant measures Si, a rational scheme of their possible distribution Li *(T) is selected:

At the same time, the appropriate time Tj for reviewing the degree of importance of the prevented damage Si is determined based on the analysis of the value of the "residual" damage to the information security of the megalopolis, taking into account the following restrictions:

Pqi(Tn ) > Pi*(Tn ); CYi (Tn ) > Cqni(Tn) , where:

• Tn - the initial time of making a decision to assess the degree of importance of the prevented damage Si;

• Tn - the time point for determining the main characteristics of the distribution schemes of measures that ensure prevented damage (forecast step);

• Tj-the appropriate time to review the degree of importance of the prevented damage Si;

• Kqi (Tj) is an indicator of the effectiveness of an event that ensures prevented damage to Si at the time Tj when it is distributed according to the q-th scheme;

• CYi(Tj) - the cost value of possible damage from the implementation of the event

Si;

• Cqni (Tj) - the cost of losses from the limited spread of information threats Si according to the q-th scheme at the time Tj;

• Pqi (T) - the probability of holding events Si at the time Tj when it is distributed according to the q-th scheme;

• P*i(T) - the required probability of holding events Si.

where:

To calculate the main components of the integral damage caused to the vital interests and information security of the metropolis due to the spread of information threats, special private methods are being developed to assess the direct damage caused to information security as a result of the spread of information threats. At the same time, the possibility of causing damage as a result of the implementation of threats is taken into account by evaluating the degree of manifestation of the corresponding threat by various appropriate methods, i.e. the degree of manifestation of the "threat - damage" relationship. There should also be special private methods for calculating and evaluating the prevented damage. The level (magnitude) of the integral prevented damage to the vital interests of the individual, society and the metropolis in the information field is the basis for making a strategic decision.

References

1. Gluschenko V.M., Pronkin N.N., Simakov A.I. Analysis of the problems of ensuring information security of the megalopolis. International Journal of Professional Science. 2021. № 1. С. 43-49.

2. Movchun V., Lushkov R., Pronkin N. Prediction of individual learning style in e-learning systems: opportunities and limitations in dental education. Education and Information Technologies. 2020.

3. Panfilova E., Lukyanova A., Pronkin N.N., Zatsarinnaya E. Cloud technology development alongside public life digitalization. Talent Development and Excellence. 2020. Т. 12. № S2. С. 3324-3334.

4. Pashanova O.V., Ermakov D.A., Philippova A.V., Tikhonova Yu.A., Pronkin N.N. Analysis methods for medications improving cerebral circulation. Research Journal of Pharmacy and Technology. 2021. Т. 14. № 1. С. 115-121.

5. Tyurina Yu., Troyanskaya M., Babaskina L., Choriyev R., Pronkin N.N. E-learning for SMES. International Journal of Emerging Technologies in Learning. 2021. Т. 16. № 2. С. 108119.

6. Глущенко В.М., Елизаров В.С., Крашенинников В.М., Новиков А.Н., Пронькин Н.Н., Сероштан М.В., Шилова Г.Ф. Российская высшая школа в условиях реализации Болонского процесса. Под общей ред. В.М. Глущенко. Москва, 2013.

7. Глущенко В.М., Елизаров В.С., Пронькин Н.Н., Крашенинников В.М., Сероштан М., Новиков А.Н., Шилова Г.Ф. Теоретические аспекты системы высшего профессионального образования в условиях реализации Болонского процесса. Отчет о НИР (Московский городской университет управления Правительства Москвы)

8. Глущенко В.М., Новиков А.Н., Пронькин Н.Н. Количественная оценка информационной безопасности мегаполиса. Экономические исследования и разработки. 2019. № 6.

9. Глущенко В.М., Новиков А.Н., Пронькин Н.Н. Особенности формирования и содержания модели управления московским мегаполисом. Информационные и телекоммуникационные технологии. 2019. № 44. С. 32-37.

10. Глущенко В.М., Новиков А.Н., Пронькин Н.Н. Этапы выработки стратегического решения по обеспечению информационной безопасности мегаполиса. Экономические исследования и разработки. 2021. № 2. С. 96-101.

11. Глущенко В.М., Пронькин Н.Н., Симаков А.И. Роль образования в человеческом капитале. Экономические исследования и разработки. 2020. № 7. С. 5569.

12. Глущенко В.М., Пронькин Н.Н., Симаков А.И., Семёнычева И.Ф. Структура целевой программы обеспечения информационной безопасности города Москвы. International Journal of Professional Science. 2020. № 9. С. 17-25.

13. Грейбо С.В., Новосёлова Т.Е., Пронькин Н.Н., Семёнычева И.Ф. Дистанционные технологии обучения в сеченовском университете. их преимущества и недостатки. International Journal of Professional Science. 2020. № 4. С. 20-36.

14. Елизарова М.И., Уразова К.М., Ермашов С.Н., Пронькин Н.Н. Искусственный интеллект в медицине. International Journal of Professional Science. 2021. № 5. С. 81-85.

15. Иконникова И.А., Новосёлова Т.Е., Пронькин Н.Н., Семёнычева И.Ф. Инженерная графика. Москва, 2020.

16. Информационная безопасность мегаполиса на примере города Москвы. Монография / Н.Н. Пронькин - М.: ООО «Экслибрис-Пресс», 2017.

17. Калачанов В.Д., Ефимова Н.С., Новиков А.Н., Пронькин Н.Н. Внедрение систем диспетчирования производства на высокотехнологичных предприятиях (на примере предприятий авиастроения). Инновации и инвестиции. 2019. № 3. С. 269-273.

18. Калачанов В.Д., Новиков А.Н., Калачанов В.В., Пронькин Н.Н. Критерии оптимального управления финансированием производственной деятельности предприятий высокотехнологичных отраслей промышленности (на примере авиастроения). Организатор производства. 2016. № 1 (68). С. 61-68.

19. Калачанов В.Д., Новиков А.Н., Калачанов В.В., Пронькин Н.Н. Разработка комплексной системы критериев оптимизации финансирования производственной деятельности промышленных предприятий (на примере авиастроения). Организатор производства. 2016. № 3 (70). С. 50-61.

20. Московский мегаполис: системный анализ, междисциплинарный подход, информационные технологии управления. Монография / В.М. Глущенко, Н.Н. Пронькин,

Г.Ф. Шилова и др.; под ред. В.М. Глущенко. - М.: Московский городской университет управления Правительства Москвы, 2012.

21. Мяснянкина О.П., Пронькин Н.Н. Достижения и перспективы искусственного интеллекта в медицине. International Journal of Professional Science. 2021. № 4. С. 27-32.

22. Новиков А.Н., Пронькин Н.Н. Внедрение инструментальных методов в управление экономикой предприятий ОПК. Вестник Академии военных наук. 2014. № 3 (48). С. 148-152.

23. Пронькин Н.Н. Инструментарий управления системой производства продукции ОПК. Вестник Академии военных наук. 2015. № 1 (50). С. 147-150.

24. Пронькин Н.Н. Новые подходы к построению системы дистанционного обучения в МГУУ Правительства Москвы. Вестник МГУУ. 2011. № 1. С. 135-147.

25. Пронькин Н.Н. Практика внедрения системы дистанционного обучения в МГУУ Правительства Москвы на основе E-learning 3000. Информационные и телекоммуникационные технологии. 2011. № 12. С. 72-78.

26. Пронькин Н.Н. Стратегия обеспечения информационной безопасности московского мегаполиса. Москва, 2019.

27. Пронькин Н.Н. Условия решения проблем обеспечения информационной безопасности московского мегаполиса. Экономические исследования и разработки. 2019. № 8.

28. Пронькин Н.Н., Новиков А.Н. Программно-математические методы обоснования потребности в экономических ресурсах для выполнения государственного оборонного заказа. Вестник Академии военных наук. 2014. № 4 (49). С. 122-125.

29. Пронькин Н.Н., Новиков А.Н. Совершенствование информационных технологий в управлении столичным мегаполисом. Вестник МГУУ. 2012. № 1. С. 84-90.

30. Пронькин Н.Н., Симаков А.И. Формирование целевой программы обеспечения информационной безопасности города Москвы. Экономические исследования и разработки. 2020. № 6.

31. Симаков А.И., Калёнов Б.В., Пеленицын А.Б., Пронькин Н.Н. Правда - ложь -неясность, как семантический светофор для полиграфа. International Journal of Professional Science. 2020. № 7. С. 11-28