Modeling incident management processes in information security at an enterprise

Abstract

Objectives. The primary aim of the study is to develop a model for managing information security incidents within an enterprise that minimizes damage and costs associated with incident resolution under limited resources and time constraints.Methods. The paper analyzes existing approaches to managing information security incidents, including mathematical and simulation models, stochastic differential equations, Markov chains, and other methods. The study is based on a systems approach, incorporating analysis of incident parameters, actions for their resolution, response times, damages due to incident occurrence, and the probability of incident elimination. To validate the developed model, synthetic data reflecting various types of incidents and possible actions were used.Results. The proposed model optimizes incident management by minimizing damage and costs. It considers parameters such as incident criticality, available resources, response time, and the likelihood of successful incident resolution. Testing of the model on synthetic data showed that the proposed approach significantly improves the selection of optimal actions for responding to incidents in situations constrained by budget and time limitations, thereby enhancing the overall effectiveness of incident management.Conclusions. Implementing the proposed model in enterprises will improve the overall level of information security, enhance incident response efficiency, and strengthen information protection processes. This will ensure the minimization of risks associated with data leaks and other incidents, thus helping enterprises to make informed and timely decisions under conditions of limited resources and time.