Methodology of analysis and assessment of the security of information protection systems taking into account the degree of overlapping threats

Abstract

Currently, information protection in automated systems has become an integral part of the vast majority of activities in various fields of human activity. The article examines the impact of threats on objects subject to protection. The main attention is paid to the analysis of the main cases of exposure to threats and the reaction of protective mechanisms to external intervention. Moreover, the protection system is considered as a complex, as several protective mechanisms with possible interrelationships and their own effectiveness in countering certain types of threats. The architecture of the protection system is imperfect and misses some threats in the protection area, which creates a danger to information. Based on the analysis of the main possible cases, a model of the information protection system with full overlap of threats is proposed, which allows taking into account the internal interrelationships of threats, the actual architecture of the protection system and possible objects of protection, and also allows revealing the structure of the information protection system, evaluating its effectiveness barriers to known types of threats or their combinations. The authors carried out a quantitative assessment of the optimal probabilities of protective mechanisms, which allow to ensure the least passage of threats in the area of protection. Unlike known models, the model of the information protection process with full overlap of threats allows you to take into account the internal relationships between threats, information protection systems and protection objects, and also allows you to reveal the structure of the system, highlight and evaluate the effectiveness of barriers that cover areas of vulnerability information protection mechanisms.