Information Technology Security (Безопасность информационных технологий), Nov 2024
Model for assessing the effectiveness of information security systems
Abstract
The research problem lies in the absence of a comprehensive model for evaluating the effectiveness of information security systems, capable of taking into account both technical security aspects and subjective factors, such as user trust. Furthermore, current methods often either focus on isolated aspects or lack sufficient adaptability to the unique needs and risks of companies. The article aims to develop a multi-parametric model for evaluating the effectiveness of information security systems. The study examines existing approaches to evaluating the effectiveness of information security systems, such as methods based on fuzzy logic, system analysis, and goal-achievement methodology. A multi-parametric model is proposed, incorporating four key metrics: threat assessment (summarizes the influence of each threat, providing a comprehensive understanding of organizational risks), defense effectiveness assessment (quantifies how effectively security measures are implemented within the organization), functional resilience assessment (quantifies the system's resilience to incidents and technical failures), and integrated security assessment (combines all three previous metrics into a single index reflecting the overall level of information system protection). The proposed model allows for the consideration of various aspects of information security and their adaptation to the specific characteristics of the organization. The model emphasizes the significance of the trust coefficient in information security systems, reflecting the balance between objective technological characteristics and subjective user perception. Examples are given of the model metrics' dependence on parameters such as incident frequency and downtime, allowing for an assessment of the proposed model's effectiveness. The developed model provides a more detailed and organization-specific approach to evaluating the effectiveness of information security systems.
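The abstract names the four metrics and the trust coefficient but gives no formulas. The Python below is an added illustration, not the article's model: every formula (normalised sum of likelihood × impact for threats, mean of coverage × implementation for controls, availability × incident factor for resilience, trust-scaled weighted mean for the integrated index), the `tolerated_incidents` and `hours_in_period` parameters, and the sample threats and controls are assumptions made here to show how such a multi-parametric index can be composed and how it moves with incident frequency and downtime.

```python
"""Illustrative multi-parametric security index (assumed formulas, not the paper's)."""
from dataclasses import dataclass
from typing import Sequence


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float  # probability of occurrence in the period, 0..1
    impact: float      # relative damage if it occurs, 0..1


@dataclass(frozen=True)
class Control:
    name: str
    coverage: float        # share of relevant threats the control addresses, 0..1
    implementation: float  # degree to which it is actually deployed, 0..1


def _check_unit(value: float, label: str) -> float:
    """Reject inputs outside [0, 1] so a typo cannot silently inflate the index."""
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{label} must lie in [0, 1], got {value}")
    return value


def threat_assessment(threats: Sequence[Threat]) -> float:
    """Assumed form: mean of likelihood*impact over all threats (0 = no risk, 1 = maximal)."""
    if not threats:
        return 0.0
    total = sum(_check_unit(t.likelihood, t.name) * _check_unit(t.impact, t.name)
                for t in threats)
    return total / len(threats)


def defense_effectiveness(controls: Sequence[Control]) -> float:
    """Assumed form: mean of coverage*implementation (a designed but undeployed control counts little)."""
    if not controls:
        return 0.0
    total = sum(_check_unit(c.coverage, c.name) * _check_unit(c.implementation, c.name)
                for c in controls)
    return total / len(controls)


def functional_resilience(incidents: int, downtime_hours: float,
                          hours_in_period: float = 8760.0,
                          tolerated_incidents: int = 12) -> float:
    """Assumed form: availability * 1/(1 + incidents/tolerated).

    Availability falls linearly with downtime; the incident factor halves when
    the incident count reaches the tolerated level. Both terms stay in [0, 1].
    """
    if incidents < 0 or downtime_hours < 0 or downtime_hours > hours_in_period:
        raise ValueError("incidents and downtime must be non-negative and within the period")
    availability = 1.0 - downtime_hours / hours_in_period
    incident_factor = 1.0 / (1.0 + incidents / tolerated_incidents)
    return availability * incident_factor


def integrated_security(threat: float, defense: float, resilience: float,
                        trust: float,
                        weights: tuple[float, float, float] = (1 / 3, 1 / 3, 1 / 3)) -> float:
    """Assumed form: trust * weighted mean of (1 - threat), defense, resilience.

    The trust coefficient scales the objective part, so a technically strong
    system that users do not trust still scores lower.
    """
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    _check_unit(trust, "trust")
    objective = (weights[0] * (1.0 - _check_unit(threat, "threat"))
                 + weights[1] * _check_unit(defense, "defense")
                 + weights[2] * _check_unit(resilience, "resilience"))
    return trust * objective


# Constructed sample organisation (not data from the article).
SAMPLE_THREATS = (Threat("phishing", 0.5, 0.6), Threat("ransomware", 0.4, 0.5))
SAMPLE_CONTROLS = (Control("mfa", 0.8, 0.5), Control("backups", 1.0, 0.6))


def sample_index(incidents: int = 4, downtime_hours: float = 876.0,
                 trust: float = 0.9) -> float:
    """Compose the four metrics for the constructed sample; parameters vary the scenario."""
    return integrated_security(threat_assessment(SAMPLE_THREATS),
                               defense_effectiveness(SAMPLE_CONTROLS),
                               functional_resilience(incidents, downtime_hours),
                               trust)


if __name__ == "__main__":
    for downtime in (0.0, 876.0, 1752.0):
        print(f"downtime={downtime:>7.1f}h  index={sample_index(downtime_hours=downtime):.3f}")
```

Varying `incidents`, `downtime_hours` or `trust` in `sample_index` reproduces the kind of sensitivity check the abstract mentions: the index falls monotonically with downtime and incident count, and the trust coefficient scales the whole result rather than adding to it.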
Keywords