Simulation modeling of organization's infosecurity dependence on field of activity

Introduction. The solution to the problem of efficiency improvement of the infosecurity system at the enterprise through early recognition of the essential factors affecting the level of information safety is defined. The work objective is to develop a simulation model that represents the effect of various factors caused by indicators of prospects of the selected area of the organization activity on the data protection system performance effect. Materials and Methods. The simulation model is implemented using the system dynamics equipment in the form of the streaming graph. It is proposed to use generalized expert assessments of the activity prospects as source data. The model applies three system levels that determine system state variables: level of efficiency of the data protection system, organization's budget on information security tools, and the quality assessment of the potential infringers of cybersecurity. Besides, additional parameters and variables of the developed model are introduced: value of the information processed in the organization; estimated number of security incidents; current costs for the information security system; and continuous budget on the cybersecurity system. Research Results. Vensim package is selected as a simulation environment. The modeling outcome analysis has shown that characteristics of the activity field and quality of the information circulating in the information system of the organization directly determine the interest of potential intruders that leads to the need for careful budgeting and adjustment of costs for the information security system. Thus, the implementability of the developed model for the assessment of the information safety level of the enterprises which operate in any area is shown. However, the involvement of experts in order to form assessments of indicators of prospects for eligible activity sectors of a particular organization and to conduct an audit on its protection system is required. Discussion and Conclusions. Implementation of the developed model simulations under various entry conditions and entrance data allows for the definition of the dynamic patterns of IT security, and support for decision-making by security specialists when planning expenses on information security and changes in organization security policy.

имитационное моделирование, системная динамика, потоковая диаграмма, причинно-следственная диаграмма, информационная безопасность, система защиты информации, оценка эффективности системы защиты информации, аудит системы защиты информации, потенциальный нарушитель информационной безопасности, конфиденциальная информация, simulation modeling, system dynamics, streaming graph, cause-effect diagram, cybersecurity, information security system, effectiveness evaluation of information security system, audit of data protection system, potential infringer of information security, private data

1. Aydinyan, A.R. Problemy vnedreniya innovatsionnykh metodov v sferu informatsionnoy bezopasnosti. [Problems of introduction of innovative methods in the information security area.] Innovatsionnye issledovaniya: problemy vnedreniya rezul'tatov i napravleniya razvitiya: sb. st. mezhdunar. nauch.-prakt. konf. [Innovative research: problems of results implementation and tendencies of development: Proc. Int. Sci.-Pract. Conf.] Omsk: MTsII “Omega Science”, 2016, part 2, pp. 9–11 (in Russian).

2. Chernyakov, P.V., Aydinyan, A.R., Tsvetkova, O.L. Dvukhurovnevaya sistema otsenki sredstv zashchity komp'yuternoy informatsii ot utechek. [A two-level system for assessing means of leak protection of computer information.] Innovatsionnaya nauka, 2016, no. 3–3, pp. 140–144 (in Russian).

3. Tsvetkova, O.L., Aydinyan, A.R. Intellektual'naya sistema otsenki informatsionnoy bezopasnosti predpriyatiya ot vnutrennikh ugroz. [Intelligent system evaluation information security of the enterprise from internal threats.] Herald of Computer and Information Technologies, 2014, no. 8 (122), pp. 48–53 (in Russian).

4. Ivanov, E.V., Ivanova, A.I. Metody imitatsionnogo modelirovaniya podsistemy bezopasnosti protsessingovogo tsentra. [Imitation modeling methods of security subsystems of a processing center.] Vestnik of Russian New University, 2010, no. 3, pp. 67–73 (in Russian).

5. Sarriegi, J.M., Santos, J., Torres, J.M., Imizcoz, D., Plandolit, A.L. Modeling Security Management of Information Systems: Analysis of an Ongoing Practical Case. Conference Proceedings: the 24th International Conference of the System Dynamics Society. Nijmegen, the Netherlands, 2006.

6. Lukyanov, V.F., Assaulenko, S.S. Imitatsionnoe modelirovanie mnogoochagovogo razrusheniya s uchetom neodnorodnogo raspredeleniya nominal'nykh napryazheniy. [Simulation of multicentric destruction with regard for inhomogeneous distribution of rated voltage.] Vestnik of DSTU, 2015, no. 4 (83), pp. 31–36 (in Russian).

7. Butov, A.A., Karev, M.A., Khrustalev, S.A. Stokhasticheskoe imitatsionnoe modelirovanie mekhanizmov ukorocheniya telomer kletok v protsessakh stareniya i razvitiya patologicheskikh otkloneniy. [Stochastic simulation modeling of cell telomere shortening mechanisms in ageing and disturbance development processes.] Vestnik of DSTU, 2014, vol. 14, no. 1 (76), pp. 98–109 (in Russian).

8. Gorodnova, N.V. Imitatsionnoe modelirovanie ustoychivosti deyatel'nosti gosudarstvenno-chastnogo partnerstva v stroitel'stve. [Simulation modeling of work stability of state-private partnership in construction.] Vestnik of DSTU, 2012, no. 2 (63), iss. 1, pp. 73–80 (in Russian).

9. Kantor, O.G., Spivak, S.I. Postroenie modeley sistemnoy dinamiki v usloviyakh ogranichennoy ekspertnoy informatsii. [Construction of system dynamics models in conditions of limited expert information.] Informatics and Applications, 2014, vol. 8, no. 2, pp. 111–121 (in Russian).

10. Borshchev, A.V. Prakticheskoe agentnoe modelirovanie i ego mesto v arsenale analitika. [Practical agent modeling and its place in the analyst's toolkit.] Imitatsionnoe modelirovanie. Teoriya i praktika: sb. dokl. II vseross. nauch.-prakt. konf. IMMOD–2005. [Simulation modeling. Theory and practice: Proc. II All-Russian Sci.-Pract. Conf. IMMOD–2005.] St. Petersburg: TsNIITS, 2005, vol. 1, pp. 11–24 (in Russian).

11. Wolstenholme, E. F. System enquiry: a system dynamic approach. Chichester, England: John Wiley and Sons, 1990, 238 p.

12. Forrester, J. World dynamics. Wright-Allen Press, 1971, 144 p.