Presentation is loading. Please wait.

Presentation is loading. Please wait.

State University of Telecommunications

Published byReino Keskinen Modified over 4 years ago

Similar presentations

Presentation on theme: "State University of Telecommunications"— Presentation transcript:

1 State University of Telecommunications
Issues for formation of complex security information programs Zybin Serhii PhD, docent

2 Dear Chairman, participants, colleagues, I would like to introduce a report about one method of decision making support for formation of complex security information programs. There is main idea. This approach is based on the introduction of models and risks in the hierarchy of objective tasks and the goal evaluation of the tasks. Under the threat, we understand a condition of the environment, impacts the efficiency of the task. Complex goal-oriented program is executed in this environment. Risk is defined as a result of a random event that is caused by the influence of external relative factors.

3 To solve the problem of the state information security we can use decision support systems. Decision-making is a compulsory step for all kind of purposeful activities. The difficulty of decisions that are being made and requirements for their efficiency increase in the conditions of limited resources of all types and increase of activities. The complex program for ensuring of information security is a set of activities united by unity of global goals and shared resources. The main objectives are selection of programs to be included in the complex program and the resources distribution between programs. This complex program for ensuring of information security usually can be scheduled for long intervals of time, so we need to evaluate the effectiveness of programs in a given time interval.

4 It is necessary to take into account the possibility of threats and risks during developing the complex program. Analyse their impact we should provide measures for their counteraction or elimination.  We need to solve the following problems in the formation of the complex program for ensuring of information security considering the threats and risks: we need to determine the quantitative characteristics of threats and risks influence to the effectiveness of the complex program; we need to identify quantitative rates of the performance program considering threats and risks; we need to divide resources between counteraction means of threats and risks and programs with goal to increase information security.

5 Known methods for solving the first problem include the identification of risks. This is a qualitative analysis. Therefore, we should provide the probability estimation and the size of the possible damage. This is a quantitative analysis. However, the problem of estimation program effectiveness into account of risk cannot be solved and remains at the discretion of the expert - the decision maker. Moreover, the definition of damage in absolute terms is often impossible for the complex program for ensuring of information security.

6 The problem solving method of evaluating the relative effectiveness considering threats and risks is kindly developed on the basis of the methods of the solving this problem without taking into account these factors. Nowadays the most common methods got a multi-criteria evaluation of programs. The area of their application delimited by two conditions which must be satisfied by a specific task. The first condition is the existence of multiple criteria, which can be estimate like a separate alternative. The second condition is the ability of decision maker to evaluate in some way each alternative on separate criterion.

7 In the majority cases of the formation of complex programs the first condition does not performs because there are significant differences in the nature of the programs included in complex program. The second condition is very problematic. So the selection of the optimal alternative or ranking of a large number of variants requires taking into account of estimates for a large number of related criteria. This situation occurs during making decisions for the formation complex programs. Therefore, methods of decision support during the formation information security programs considering threats and risks can be developed by modification of the evaluation variants goal-oriented methods. The relative effectiveness of the programs should be evaluated as a time function, given at the planning interval. Therefore, the possibility of taking into account the time factor in the evaluation of programs is fundamental for decision-making support tasks.

8 The main idea of the proposed approach of the analysis of threats and risks consists in the events which cause threats or risks which are considered as an integral part of the program. This means threats or risks are part of the external environment impact program. Therefore, these program-models of threats or risks are included in the hierarchy program objectives. We establish connection with other programs and objectives. Thus, each of the program-models of threats or risks has at least one goal or program, the achievement of which has a direct impact. We define such objectives as direct above-goals program-model of threat or risk.

9 The influence of the threat and / or risk, as well as other programs, evaluates the degree impact on the achievement of the main objectives of the program. The effectiveness of the program is estimated to provide on availability of threats and risks in view of their probability characteristics. Such approach makes it possible to divide resources to parry the threats and risks on a par with the dividing of resources to programs that make up their essence.

10 It is necessary to solve a series of specific problems to implement the proposed approach. The first is associated with the development of mathematical models of threats and risks. It allows to include events that cause the threat and/or risk in hierarchy of objectives. The essence of the second problem consists in the development of method of impact quantitative evaluation of the threat and/or risk. The next problem is following: we should find ways to evaluate the relative effectiveness of the program at the presence of threats and risks.

11 An analysis of threats can reveal certain properties that characterize this concept. Firstly, it should be noted that the threat is a consequence of the event which is the occurrence of the situation, that are affecting on the program execution. However, the threat is a result of the certain group activities of people. The risk is mainly a result of a random event. Second, the intensity of the impact threat to the fulfilment of tasks is a random variable, which changes with the times. A common feature of the "threat" and "risk" concepts is the impact of the environment on program execution and the fact that they are the result of its impact on program execution.

12 Thanks for your attention.

Download ppt "State University of Telecommunications"

Similar presentations

Agency for Healthcare Research and Quality (AHRQ)

Agency for Healthcare Research and Quality (AHRQ)
Risk Management Introduction Risk Management Fundamentals

Risk Management Introduction Risk Management Fundamentals
Modeling and Simulation By Lecturer: Nada Ahmed. Introduction to simulation and Modeling.

Modeling and Simulation By Lecturer: Nada Ahmed. Introduction to simulation and Modeling.
METHODOLOGICAL BASES OF NATURE PROTECTION GEOINFORMATION SYSTEM CREATION Kyiv Mohyla Academy National Agricultural University V. Lavryk V. Bogolyubov 20-24.

METHODOLOGICAL BASES OF NATURE PROTECTION GEOINFORMATION SYSTEM CREATION Kyiv Mohyla Academy National Agricultural University V. Lavryk V. Bogolyubov
Multi‑Criteria Decision Making

Multi‑Criteria Decision Making
Lecture 5 Themes in this session Building and managing the data warehouse Data extraction and transformation Technical issues.

Lecture 5 Themes in this session Building and managing the data warehouse Data extraction and transformation Technical issues.
The Rational Decision-Making Process

The Rational Decision-Making Process
Unit 6 University of Sunderland COMM80 Risk Assessment of Systems Change Risk Assessment: the Generic Concept COMM80: Risk Assessment of Systems Change.

Unit 6 University of Sunderland COMM80 Risk Assessment of Systems Change Risk Assessment: the Generic Concept COMM80: Risk Assessment of Systems Change.
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.

1 Risk evaluation Risk treatment. 2 Risk Management Process Risk Management Process.
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
CONTACT SEMINAR 19-22 November 2008 Project management tools.

CONTACT SEMINAR November 2008 Project management tools.
Chapter 6 Training Evaluation

Chapter 6 Training Evaluation
1 Enviromatics 2008 - Decision support systems Decision support systems Вонр. проф. д-р Александар Маркоски Технички факултет – Битола 2008 год.

1 Enviromatics Decision support systems Decision support systems Вонр. проф. д-р Александар Маркоски Технички факултет – Битола 2008 год.
BA 427 – Assurance and Attestation Services

BA 427 – Assurance and Attestation Services
Second World Congress on Positive Psychology (July 23-26, 2011; Philadelphia, Pennsylvania, USA) Choice as self-orientation activity in real life situations.

Second World Congress on Positive Psychology (July 23-26, 2011; Philadelphia, Pennsylvania, USA) Choice as self-orientation activity in real life situations.
Presented by Johanna Lind and Anna Schurba Facility Location Planning using the Analytic Hierarchy Process Specialisation Seminar „Facility Location Planning“

Presented by Johanna Lind and Anna Schurba Facility Location Planning using the Analytic Hierarchy Process Specialisation Seminar „Facility Location Planning“
PRM 702 Project Risk Management Lecture #28

PRM 702 Project Risk Management Lecture #28
Chapter 1: Introduction to Statistics

Chapter 1: Introduction to Statistics

Similar presentations

Ads by Google