Современные информационные технологии и IT-образование (Oct 2022)

Methodology for Risk Assessment from Confidential Information Disclosure in Data Sources Using Data Mining

  • Anastasiia Shabrova,
  • Aleksey Terenin,
  • Nikita Babak

DOI
https://doi.org/10.25559/SITITO.18.202203.666-679
Journal volume & issue
Vol. 18, no. 3
pp. 666 – 679

Abstract

Read online

At the moment, the low level of development of methods and tools for assessing the level of risk from the dissemination of confidential information in sources in which such data should not be. In the modern world, many commercial organizations collect information about their customers, store and process information about their own activities and means of achieving financial results. The problem is that there is no single methodology for assessing the risk associated with storing confidential information in sources that should not contain such data. There is also no system for regular assessment of this type of risk. The purpose of the study is to test the hypotheses about the possibility and necessity of regular monitoring of data sources in order to identify confidential information and protect it using the developed methodology for assessing the risks of disclosing confidential information. The novelty of the study lies in the development of the author's algorithm for assessing risks from the dissemination of confidential information and the construction of a mathematical model that allows for a quantitative assessment of risks, options for determining the probabilities of occurrence of events and a methodology for establishing and using a scale based on expert assessments. To achieve the goal set in the study, general scientific methods are used in the framework of comparative and statistical analysis, as well as expert assessments and graphical interpretation of the results obtained during the study. The author's modification of the three-factor risk assessment model and an adapted approach to achieving an acceptable level of risk from the disclosure of confidential information are presented as a solution to the problem. As a result of the analysis, the risk of disclosing confidential information was assessed, problem areas were identified using the example of open sources of information, and a scale of riskiness of sources was determined. Once again, the need to develop systems that allow assessing the levels of risk from the disclosure of confidential information, the development of methods and approaches to algorithms for detecting and preventing such disclosures has been confirmed.

Keywords