Recommendations for using a methodology for assessing the security of an automated control system for critical information infrastructure from DDoS attacks based on Monte Carlo simulation

Abstract

Objective. The objective of the research is to develop a methodology for the security of an automated control system of critical information infrastructure from DDoS attacks. The methodology allows the decision-maker to obtain an assessment of the risk of exposure of the computer network (CN) to DDoS attacks and take necessary actions to reduce the risk of this threat.Method. To achieve the stated objective of the research, simulation modeling based on the Monte Carlo method was used, implemented within the framework of a specialized software environment, as well as a method for calculating integral risk.Result. A methodology was proposed for assessing the security of an automated control system for critical information infrastructure from DDoS attacks, taking into account the importance of individual nodes of its CN.Conclusion. Thus, the developed methodology is useful when conducting an information security audit to assess the integral risk of impact implementation of a DDoS attack on a CN and is designed to help an organization achieve global information security goals, as well as to justify the amount of the insurance premium paid when insuring cyber risks.