Approach of the information properties destruction risks assessing based on the color scale

Abstract

One of the urgent tasks of today is information protection as defined by the regulations of our state in the field of information security and cybersecurity. The protection of information is to ensure the preservation of its properties such as confidentiality, integrity, and accessibility. In the process of assessing the information security, the priorities of its protection are determined, taking into account the degree of restriction of access to it. Information security risks are assessed to select effective measures and remedies. The existing assessment methods are analyzed, based on estimates of the magnitude of possible damage from the occurrence of an information security incident and the probability or probability of its occurrence. However, none of the forms of formalizing the risk level reflects which properties may be violated within the incident. That is, the general presentation of the risk does not allow its prompt processing. With the use of modern computer technology, it has become possible to create dynamic images of the level of risk. The basis of computer graphics is an additive model of the transfer of red, green, and blue. With this in mind, a method has been developed to assess the risks of violating the properties of information. Its use will distinguish the properties of information by the set color. With the advent of information about new vulnerabilities in information and telecommunications systems, the color may change, which will signal a change in the level of risk for a particular property of information. This approach to information security risk management facilitates prompt decision-making on risk management and maintains the information security process at the appropriate level. At the same time, the use of the proposed method will allow to record changes in the numerical values of colors and, as a consequence, to find the rate of change of the level of information security risk. Its average value can be used to predict the resilience of the protection system to information security incidents. Therefore, the speed of change in the level of information security risk can expand the list of parameters for determining the index of information system development and the basis for updating the planned costs of the organization to ensure information security.