Fuzzy simulation of integrity break risks of project documents

Abstract

Simulation and risk management in accordance with international standards is the basis for building an information security policy of the enterprise. An overview of the current state of development in this area, the current update of cybersecurity tasks and the corresponding increase in costs indicate the need to develop new approaches to measuring information security risks. One of the possible areas of research is the simulation of project security risks, as project activities are inherent in enterprises of many industries, including IT companies, construction companies and others. In the article the issue of information security of the project is considered on the basis of its formal presentation in the form of a set of documents and operations on them. During the processing of each document, which generally includes the creation, storage, editing and transmission of the document, there are risks of breach of its confidentiality, integrity or accessibility. Blurring and incomplete information regarding the characteristics of information security risks of documents necessitates using of fuzzy logic to formalize them. In this paper, a model is proposed to assess the possibility of violation of the integrity of project documents and the damage from such a violation on the basis of the mathematical apparatus of fuzzy logic. The developed model has a generalized structure, as it is based on the formalization of set of project documents and operations on them using certain information systems and personnel. To assess the damage from the implementation of the threat of violation of the document integrity, it is proposed to use the method of hierarchies analysis on the basis of the tree of criteria. The developed model can be used in the creation of specialized information systems for risk assessment of projects and used to manage information security in enterprises whose activities are of a project nature.