Estimation of financial costs for building of information protection system

Abstract

In this paper, an attempt has been made to develop a methodology for estimating the financial costs of building a complex of technical information protection (CTIP) using known parameters. Such parameters can be: the likelihood of hacking protection, depending on the amount of funding invested in protection and possible financial losses without protection; risks of losses from invested funding in defense; risks of total financial losses and the effectiveness of the constructed protection. All CTEI assessments were conducted for the maximum values of the likelihood of hacking and the maximum risk of loss. In this paper, specific expressions are obtained for assessing the effectiveness of information protection, optimizing the risks of financial losses in the design, certification and evaluation of the working condition depending on financial investments in information protection and the risks of their losses. A theoretical definition of the effectiveness of protection through the risks of invested funding in defense and the risks of total financial losses are proposed. Coefficient the effectiveness of the protection of a single or single-tier protection will vary from zero (in the absence of funding for protection) to unity (with infinite funding for the construction of protection). The obtained expressions at the design stage will allow you to compare with each other and evaluate the chosen KTPDI before the process of its implementation. Experimental research data on the differences between the practical and theoretical parameters of the effectiveness of protection will allow to investigate and select the most optimal and effective protection. Expressions are given that make it possible to determine the actual effectiveness of security based on the experimental probability of hacking. Theoretically confirmed higher reliability of multi-level protection compared with single-level. It is shown that with the same financial costs for single-level and multi-level protection, the likelihood of hacking protection and risks financial loss of multi-level protection is much lower. Consequently, with the help of a multi-level protection system, you can create the required level of protection with lower financial costs. Thus, this work can be useful for assessing the effectiveness of information protection, optimizing the risks of financial losses in the design, certification and assessment of the working condition.