APPLICATION OF DSS IN THE TASKS OF ORGANIZATIONAL AND ECONOMIC PROVISION OF INFORMATION PROTECTION
DOI:
https://doi.org/10.32689/maup.it.2022.2.14
Keywords:
information protection, information security, organizational and economic support, infrastructure management, decision support system, risk minimization
Abstract
Continuous organizational and economic support of a company's information security (IS) procedures can minimize business risks, maximize return on investment, facilitate business opportunities, and improve the company's commercial image and competitive advantage. To ensure effective protection of the company's information resources (IR) and stable management of information security, companies must not only periodically perform information security assessments but also constantly analyze the processes for their corporate information systems. A model of organizational and economic support for effective protection of corporate information is described, built by formalizing the task of optimizing the information protection system (IPS). In contrast to existing approaches, the emphasis in the proposed solution is on mathematical-algorithmic and computer support of the decision-making procedure in the context of the company's information security management tasks. The proposed additions, together with traditional approaches, enable the defending party to determine the parameters of organizational management of the enterprise's IPS infrastructure as effectively as possible. The outline of a decision support system (DSS) for developing the infrastructure of the company's information protection system is considered. Given the shortage of qualified information security experts in companies, additions to the model are proposed that take into account the impact of the human resources of IS experts on the management of the company's IPS infrastructure. Recommendations are offered and the corresponding application software, a DSS, is described. Applying this decision support system will help minimize the risks associated with the lack of qualified information security experts in many companies.