О ВОЗМОЖНОСТИ ЧИСЛЕННЫХ МЕТРИК В УПРАВЛЕНИИ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТЬЮ

Abstract

Introduction. The existing information security management in information systems is a set of informal verbal models. They make it possible to determine a variety of measures but cannot conduct numerical assessments – to compare alternative strategies according to the introduced criterion, to numerically record changes in the level of information security, to perform mathematically justified optimization of control actions. Purpose: The purpose of the study is to substantiate the possibility of using numerical estimates in information security management. Methods: The search for alternative methods of modeling information security management processes begins with the modeling object classification. The modeling object (the information security management process) is considered as a complex system having irremediable uncertainty. A method using fuzzy algorithms can be classified as one of the possible methods in modeling such objects. Fuzzy algorithms are most widely used when modeling technical control systems, but this method potential allows us to hope for positive results when modeling more complex processes. The article offers an example of using fuzzy modeling algorithms based on Mamdani rules of inference algorithms for creating an information security management system model of an information system. Results: The sensitivity, continuity and qualitative adequacy of the described model are substantiated, the possibility of operational tracking of the influence of destabilizing influences on the level of information security in the information system using a numerical metric is shown. Practical relevance: The use of the proposed methods opens up the possibility of building an automatic information security management system of an information system.