Using of the Q-analysis for the determining protection of the information system

Abstract

Article proposes application of methods of structural anal-ysis of systems for the study of the functioning and defini-tion of the information security system with focus on the most common variants of information leakage scenarios and on the features of the information security culture. Verizon annually divides information leakage incidents into nine scenarios that have become the basis for security features and threats sets for this analysis. Human factor is also a great danger, which is not always associated with de-ficiencies or imperfections of security measures, but is al-ways linked to non-compliance with security policy re-quirements. Human factor in information security field is increasingly attracting attention because it has a significant impact on information security as a whole and separately for its insider component. Organizations suffer from acci-dental or deliberate employee errors, despite the availability of security policies and the necessary technologies. Using Q-analysis, the basic principles of constructing a communica-tions model for providing information security in infor-mation system are presented in the example of two sets: set of threats and sets of security measures, numerical values of eccentricities are calculated. The mathematical apparatus of Q-analysis allows to study the topological, informational and functional properties of information security protection in information security. On the basis of the study of structural connectivity of the system there is an opportunity to carry out a formal assessment of its level of functionality, which determines the ability to absorb external adverse factors at the expense of internal resources. The systemic nature al-lowed us to conclude that the elements of the two sets of information security protection in information system are interconnected and form the basis of the system for ensuring their safety. These calculations can be used to further deter-mine the overall formal assessment of the security of the or-ganization and the construction of the information security system in information system should be based on the results of this analysis.