The information security system synthesis using the graphs theory

Abstract

Timely prevention information security threats, provided by specialized software and hardware, is the effective business foundation, allowing to reduce reputational and financial risks for the company. At the same time, protection must be implemented in all detractors' possible attacks areas. If we turn to the Russian Federation leISSlation, then the FSTEC order №31 of March 14, 2014 may be adopted as the basis for “isolating” the protection vectors, according to which the basic measures for protection should be provided at the following levels: access subjects identification and authentication, access delineation, software restriction, computer storage media protection, etc. (There are 21 of them). On the hardware and software complex basis that implement protection at each of these levels, an enterprise information security system is created. To select the most appropriate software and hardware information security, and, therefore, to build an optimal enterprise information protection system, one can turn to graph theory. In this case, the problem is reduced to the ranked descending graph construction and the optimality problem solution, i.e. critical (maximal) path of this graph calculation. Each graph level corresponds to a specific subsystem of the information security system, while the subsystems are located in the alleged overcoming order protection by the attacker; tops - the considered information security tools; the graph is weighted, the each its arcs weight corresponds to the expert evaluation of the preference for using a particular tool.