MANAGING THE RISKS OF INFORMATION AND COMMUNICATION NETWORK IN THE CONTEXT OF PLANNING THE SECURITY OF CRITICAL INFRASTRUCTURE SYSTEMS

Abstract

The subject matter of the article is information and communication networks of critical infrastructure systems. The goal of the work is to create an approach for strategic managing the security of critical infrastructure systems taking into account the risks of the information and communication network. The article deals with the following tasks: determining the procedure of strategic managing the security of critical infrastructure systems, identifying the risks of the information and communication network, assessing the importance and probability of partial network risks. The following methods are used: a systematic approach, cause-and-effect analysis, statistical methods. The following results are obtained: the diagram of multi-level risk management of critical infrastructure systems is developed; the diagram of the step-by-step method of information risks management is developed for increasing the safety of the system; the complex index is suggested for determining the category of information system security; probable variants of the full-factor environment of a set of values of the complex index elements and the corresponding categories of information systems security are analyzed; the process of adaptation of the system as an integral part of the selection and specification of measures for the risk reduction of the information and communication network is determined; the example of the risk assessment of the information and communication network for a software and hardware complex in the automated control system of technological processes is considered. Taking into account the categories of factors, a list of probable risks of the information and communication network and factors that cause them is given; the cause-and-effect diagram of "cause-risk-effect" interaction is created; the total effect of each factor on the final vertices of the diagram, that is possible effects, is calculated; the factors were grouped as the most important, quite important, of mean importance, and inconsiderable ones. Conclusions: On the basis of the analysis of information and communication network risks, appropriate security measures can be planned. The application of the obtained results contributes to enhancing the operational and informational security of critical infrastructure systems at the strategic planning stage.