A model for assessing information security incidents damage
Any information system requires the funds reservation for the elimination of the consequences of information security incidents in the event of their occurrence. To estimate the amount of damage, we used multi-modal probability densities distribution laws for the damage in a single information secur...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Moscow Engineering Physics Institute
2021-04-01
|
| Series: | Bezopasnostʹ Informacionnyh Tehnologij |
| Online Access: | https://bit.mephi.ru/index.php/bit/article/view/1347 |
| id |
doaj-1e739f1b3e284a989db780f7be741ee0 |
|---|---|
| record_format |
Article |
| spelling |
doaj-1e739f1b3e284a989db780f7be741ee02021-05-26T09:03:43ZengMoscow Engineering Physics Institute Bezopasnostʹ Informacionnyh Tehnologij2074-71282074-71362021-04-012829810610.26583/bit.2021.2.091229A model for assessing information security incidents damageMaxim O. Tanygin0Yulia A. Budnikova1Andrey S. Bulgakov2Mikhail A. Marchenko3South-West State UniversitySouth-West State UniversityNational Research University of Electronic TechnologyNational Research University of Electronic TechnologyAny information system requires the funds reservation for the elimination of the consequences of information security incidents in the event of their occurrence. To estimate the amount of damage, we used multi-modal probability densities distribution laws for the damage in a single information security incident, while the information security incidents are considered as Poisson flow events. The paper defines the relationships between the intensity of information security events, the characteristics of the distribution of probability densities of damage, and the required amount of reserved funds. The presented model of damage assessment from information security incidents allows a more accurate approach for estimation of the required amount of reserved funds. It is shown that the cost saving reaches 40-50% in comparison with the damage assessment approach using only on the average number of incidents and the average damage from a single incident of information security.https://bit.mephi.ru/index.php/bit/article/view/1347 |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Maxim O. Tanygin Yulia A. Budnikova Andrey S. Bulgakov Mikhail A. Marchenko |
| spellingShingle |
Maxim O. Tanygin Yulia A. Budnikova Andrey S. Bulgakov Mikhail A. Marchenko A model for assessing information security incidents damage Bezopasnostʹ Informacionnyh Tehnologij |
| author_facet |
Maxim O. Tanygin Yulia A. Budnikova Andrey S. Bulgakov Mikhail A. Marchenko |
| author_sort |
Maxim O. Tanygin |
| title |
A model for assessing information security incidents damage |
| title_short |
A model for assessing information security incidents damage |
| title_full |
A model for assessing information security incidents damage |
| title_fullStr |
A model for assessing information security incidents damage |
| title_full_unstemmed |
A model for assessing information security incidents damage |
| title_sort |
model for assessing information security incidents damage |
| publisher |
Moscow Engineering Physics Institute |
| series |
Bezopasnostʹ Informacionnyh Tehnologij |
| issn |
2074-7128 2074-7136 |
| publishDate |
2021-04-01 |
| description |
Any information system requires the funds reservation for the elimination of the consequences of information security incidents in the event of their occurrence. To estimate the amount of damage, we used multi-modal probability densities distribution laws for the damage in a single information security incident, while the information security incidents are considered as Poisson flow events. The paper defines the relationships between the intensity of information security events, the characteristics of the distribution of probability densities of damage, and the required amount of reserved funds. The presented model of damage assessment from information security incidents allows a more accurate approach for estimation of the required amount of reserved funds. It is shown that the cost saving reaches 40-50% in comparison with the damage assessment approach using only on the average number of incidents and the average damage from a single incident of information security. |
| url |
https://bit.mephi.ru/index.php/bit/article/view/1347 |
| work_keys_str_mv |
AT maximotanygin amodelforassessinginformationsecurityincidentsdamage AT yuliaabudnikova amodelforassessinginformationsecurityincidentsdamage AT andreysbulgakov amodelforassessinginformationsecurityincidentsdamage AT mikhailamarchenko amodelforassessinginformationsecurityincidentsdamage AT maximotanygin modelforassessinginformationsecurityincidentsdamage AT yuliaabudnikova modelforassessinginformationsecurityincidentsdamage AT andreysbulgakov modelforassessinginformationsecurityincidentsdamage AT mikhailamarchenko modelforassessinginformationsecurityincidentsdamage |
| _version_ |
1721426274915713024 |