Abstract
An approach is proposed for assessing the uneven use of information resources in the organization’s business processes. Formal representations of the organization’s business processes and security systems are presented, reflecting both business operations carried out in a certain sequence and information resources that ensure the implementation of the relevant business operations, the place of information resources in the general outline of business processes is indicated. The circuits of the security system business processes of and the business processes of the main object of modeling are considered, including both business processes for managing security and business processes for ensuring security management. The assessment of the non-uniform use of information resources in a business process scheme is based on the consistent construction of an information resource incidence matrix for individual business operations, a frequency relationship matrix reflecting the sharing of information resources, and a matrix of derivatives in a discrete formulation. The proposed approach is demonstrated on a conditional example containing both the notional costs of information resources and weighting factors of the importance of business operations that reflect their criticality in the general contour of business processes. Estimates obtained as a result of applying the approach make it possible to group information resources, focusing on the frequency of their joint use in the business processes, which ultimately makes it possible to justify the choice of information resources for protection against threats from cyber intruders.
Highlights
Information infrastructure is a central concept that defines the entire cycle of designing and operating a business system
The assessment of the non-uniform use of information resources in a business process scheme is based on the consistent construction of an information resource incidence matrix for individual business operations, a frequency relationship matrix reflecting the sharing of information resources, and a matrix of derivatives in a discrete formulation
The proposed approach is demonstrated on a conditional example containing both the notional costs of information resources and weighting factors of the importance of business operations that reflect their criticality in the general contour of business processes
Summary
Information infrastructure is a central concept that defines the entire cycle of designing and operating a business system. The process-oriented approach to the creation (improvement) of the infrastructure for protecting information of business processes will allow us to consider the process of formation (development) of an information protection system as one of the auxiliary business processes that provide the basic processes of the enterprise. This makes it possible to develop an information protection infrastructure in close interconnection with the design of other business processes, which will undoubtedly increase their integration, flexibility, balance, and manageability (Rigin, 2012)
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
