Development of algorithms for assessing the state of information protection by means of network resources of IR communication networks

Abstract

The article describes one of the approaches to the creation of a system assessment of the state of information protection (ASIP), which can be used both for the IS assessment of a typical information system and for the analysis of a special system of enterprises in the telecommunications and other industries. Algorithms for assessing the state of information protection by means of network resources of the information and communication network have been developed. When developing an algorithm to describe the probabilistic characteristics of the truth of the hypothesis, we will use the concept of "confidence coefficient". A comprehensive evaluation of IS of the information system leads to the conclusion that the creation of an ASIP becomes a possible, justified, expedient and necessary step. In this case, one of the most important stages is the development of the user interaction algorithm and the system itself, which will ultimately represent some software. Interacting with the software interface, the user works with the mechanism for obtaining the results of the analytical evaluation, in which the data categories and DB are selected. In the process of coordinating the actions of the user and the ASIP to achieve various, independent goals and tasks, different interaction zones within the ASIP are determined by the needs and requirements for the implementation of these zones. There are two stages of defining areas of interaction between IS users and ASIP. The user interaction algorithm with ASIP consists of four stages, during which several requests from the system and responses from the user are produced. This description of the algorithm of interaction between the user and the system can be the foundation for developing the logic of ASIP work. At certain stages, the algorithm turns to the DB ASIP. In order for the report on the result of the IS assessment to always contain relevant recommendations for reducing or eliminating IT risks, the enterprise must keep the DB in an up-to-date state, and for this (in addition to introducing basic standards into it), new cyber security methods should be analyzed and added/corrected in industrial systems and digital production.