Methods of Developing Recommendations for Improving the Security of Information Systems

Abstract

With the advent of information technologies, information systems have been widely used in organizations and enterprises. The use of information systems allows optimizing the workforce, automating all or part of business processes. However, the use of information systems requires the development of an information security system to minimize malicious attacks. To reduce the likelihood of malicious attacks, there are a large number of software and hardware-based information security tools. The complexity of computing the distribution of the components of information systems complicates the process of creating and configuring protection systems, the number of threats to security are increasing every year. For a timely response to information security incidents, including attacks, it is necessary to use information system security assessment tools to reduce the risks of security breaches. InfoWath statistics show the growth trend of various types of attacks, both from an external attacker and from an internal one. Therefore, one of the most important tasks is to correctly determine the security of information systems. The paper implements a mathematical model for assessing the security of an information system based on the selected methods. The architecture of the software package for assessing the security of the information system is formed.