ВИЗНАЧЕННЯ ЧИСЕЛЬНОГО ЗНАЧЕННЯ УЗАГАЛЬНЕНОГО ПОКАЗНИКА ЦІННОСТІ ІНФОРМАЦІЇ З ТОЧКИ ЗОРУ ЇЇ БЕЗПЕКИ

Сучасні інформаційні технології у сфері безпеки та оборони Pub Date : 2020-12-30 DOI:10.33099/2311-7249/2020-39-3-53-60

N. Radchenko, Oleksiy Dragluk, Mihael Korotkov, Olexandr Bidnyi

{"title":"ВИЗНАЧЕННЯ ЧИСЕЛЬНОГО ЗНАЧЕННЯ УЗАГАЛЬНЕНОГО ПОКАЗНИКА ЦІННОСТІ ІНФОРМАЦІЇ З ТОЧКИ ЗОРУ ЇЇ БЕЗПЕКИ","authors":"N. Radchenko, Oleksiy Dragluk, Mihael Korotkov, Olexandr Bidnyi","doi":"10.33099/2311-7249/2020-39-3-53-60","DOIUrl":null,"url":null,"abstract":"In the context of ensuring the security of information in specific conditions, a number of difficulties arise due to the fact that the selected properties of information are heterogeneous and not commensurate, the areas of acceptable values of characteristics and properties of protection are not defined, which are derived from what is protected and directly depend on the properties the information itself, which in turn are set by the owner of the information. Moreover, it is of interest for the purpose of determining the value of protection, the definition of quantitative indicators of the properties of protection. Information security metrics in appropriate methodologies that are based on verification and risk-orientation approaches are not sufficiently informative, since they take into account only objective aspects of security, completely ignoring subjective ones. They do not allow to make sound judgments about the state of confidentiality, integrity and accessibility of information and the level of information security of the organization as a whole. In this regard, the authors propose an approach to determine the numerical value of a generalized indicator of the value of information on the basis of the logico-linguistic model of evaluating the properties that characterize this indicator and the method of pairwise comparisons used to determine the numerical values of the coefficients of importance of these properties. In this paper, we propose an approach for solving the task regarding the quantitative assessment of heterogeneous properties of information and the coefficients of their significance in the interests of information protection and to determine the influence of information properties that are set by the owner of the information security system on a generalized indicator of the value of information. At the same time, for the estimation of the numerical values of the considered properties of information, it is proposed to use the apparatus of the theory of fuzzy sets, and the determination of the corresponding coefficients of importance is carried out by the method of analysis of Saati hierarchies.","PeriodicalId":124623,"journal":{"name":"Сучасні інформаційні технології у сфері безпеки та оборони","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Сучасні інформаційні технології у сфері безпеки та оборони","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33099/2311-7249/2020-39-3-53-60","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

In the context of ensuring the security of information in specific conditions, a number of difficulties arise due to the fact that the selected properties of information are heterogeneous and not commensurate, the areas of acceptable values of characteristics and properties of protection are not defined, which are derived from what is protected and directly depend on the properties the information itself, which in turn are set by the owner of the information. Moreover, it is of interest for the purpose of determining the value of protection, the definition of quantitative indicators of the properties of protection. Information security metrics in appropriate methodologies that are based on verification and risk-orientation approaches are not sufficiently informative, since they take into account only objective aspects of security, completely ignoring subjective ones. They do not allow to make sound judgments about the state of confidentiality, integrity and accessibility of information and the level of information security of the organization as a whole. In this regard, the authors propose an approach to determine the numerical value of a generalized indicator of the value of information on the basis of the logico-linguistic model of evaluating the properties that characterize this indicator and the method of pairwise comparisons used to determine the numerical values of the coefficients of importance of these properties. In this paper, we propose an approach for solving the task regarding the quantitative assessment of heterogeneous properties of information and the coefficients of their significance in the interests of information protection and to determine the influence of information properties that are set by the owner of the information security system on a generalized indicator of the value of information. At the same time, for the estimation of the numerical values of the considered properties of information, it is proposed to use the apparatus of the theory of fuzzy sets, and the determination of the corresponding coefficients of importance is carried out by the method of analysis of Saati hierarchies.

查看原文本刊更多论文

确定信息价值通用指标的安全数值

在特定条件下确保信息安全的背景下，由于所选择的信息属性是异质的、不相称的，特征和保护属性的可接受值范围没有定义，这是由受保护的内容衍生出来的，直接取决于信息本身的属性，而信息本身的属性又由信息所有者设定，因此产生了一些困难。此外，为了确定保护价值的目的，还定义了保护属性的定量指标。基于验证和面向风险的方法的适当方法中的信息安全度量不能提供足够的信息，因为它们只考虑安全的客观方面，而完全忽略了主观方面。它们不允许对信息的保密性、完整性和可访问性以及整个组织的信息安全水平做出合理的判断。在这方面，作者提出了一种确定信息价值广义指标数值的方法，该方法基于评估该指标特征的逻辑-语言模型和用于确定这些属性重要系数数值的两两比较方法。在本文中，我们提出了一种方法来解决关于信息异构属性及其重要性系数在信息保护利益中的定量评估任务，并确定信息安全系统所有者设置的信息属性对信息价值广义指标的影响。同时，对于所考虑的信息属性的数值估计，提出了利用模糊集理论的方法，并采用Saati层次分析法确定了相应的重要系数。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Сучасні інформаційні технології у сфері безпеки та оборони

自引率

0.00%

发文量