Model for assessing the effectiveness of information security systems
The research problem lies in the absence of a comprehensive model for evaluating the effectiveness of information security systems, capable of taking into account both technical security aspects and subjective factors, such as user trust. Furthermore, current methods often either focus on isolated a...
| Main Authors: | Evgenii S. Mityakov, Svetlana V. Artemova, Anatoly A. Bakaev, Alexander V. Dushkin, Zhanna G. Vegera |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Joint Stock Company "Experimental Scientific and Production Association SPELS", 2024-11-01 |
| Series: | Безопасность информационных технологий |
| Subjects: | |
| Online Access: | https://bit.spels.ru/index.php/bit/article/view/1715 |
| _version_ | 1850144202322608128 |
|---|---|
| author | Evgenii S. Mityakov Svetlana V. Artemova Anatoly A. Bakaev Alexander V. Dushkin Zhanna G. Vegera |
| collection | DOAJ |
| description | The research problem lies in the absence of a comprehensive model for evaluating the effectiveness of information security systems, capable of taking into account both technical security aspects and subjective factors, such as user trust. Furthermore, current methods often either focus on isolated aspects or lack sufficient adaptability to the unique needs and risks of companies. The article aims to develop a multi-parametric model for evaluating the effectiveness of information security systems. The study examines existing approaches to evaluating the effectiveness of information security systems, such as methods based on fuzzy logic, system analysis, and goal-achievement methodology. A multi-parametric model is proposed, incorporating four key metrics: threat assessment (summarizes the influence of each threat, providing a comprehensive understanding of organizational risks), defense effectiveness assessment (quantifies how effectively security measures are implemented within the organization), functional resilience assessment (quantifies the system's resilience to incidents and technical failures), and integrated security assessment (combines all three previous metrics into a single index reflecting the overall level of information system protection). The proposed model allows for the consideration of various aspects of information security and their adaptation to the specific characteristics of the organization. The model emphasizes the significance of the trust coefficient in information security systems, reflecting the balance between objective technological characteristics and subjective user perception. Examples are given of the model metrics' dependence on parameters such as incident frequency and downtime, allowing for an assessment of the proposed model's effectiveness. The developed model provides a more detailed and organization-specific approach to evaluating the effectiveness of information security systems. |
| format | Article |
| id | doaj-art-15c0d00bbae94afba05913a67d8c1bcd |
| institution | OA Journals |
| issn | 2074-7128 2074-7136 |
| language | English |
| publishDate | 2024-11-01 |
| publisher | Joint Stock Company "Experimental Scientific and Production Association SPELS" |
| record_format | Article |
| series | Безопасность информационных технологий |
| spelling | doaj-art-15c0d00bbae94afba05913a67d8c1bcd; 2025-08-20T02:28:27Z; eng; Joint Stock Company "Experimental Scientific and Production Association SPELS"; Безопасность информационных технологий; 2074-7128; 2074-7136; 2024-11-01314566610.26583/bit.2024.4.031421; Model for assessing the effectiveness of information security systems; Evgenii S. Mityakov (0, MIREA – Russian Technological University); Svetlana V. Artemova (1, MIREA – Russian Technological University); Anatoly A. Bakaev (2, MIREA – Russian Technological University); Alexander V. Dushkin (3, National Research University “Moscow Institute of Electronic Technology”); Zhanna G. Vegera (4, MIREA – Russian Technological University); https://bit.spels.ru/index.php/bit/article/view/1715 |
| title | Model for assessing the effectiveness of information security systems |
| topic | information security, effectiveness evaluation, information protection systems, threat assessment, protection measures assessment, functional resilience, multiparametric model, cyber threats. |
| url | https://bit.spels.ru/index.php/bit/article/view/1715 |