Abstract
The analysis shows that an insufficient level of information security in service networks is the main cause of huge losses for enterprises. Although a number of works have addressed this problem, there is currently no unified system for assessing information security. This shows that the problem has not yet been sufficiently studied and remains relevant. This work is one step towards creating a system for assessing information security in service networks.
The purpose of the work is to develop an algorithm and a simulation model and to analyze the simulation results in order to determine the main characteristics of an information security system (ISS) that can completely close all possible threat channels by controlling all unauthorized access (UA) requests through the protection mechanism (PM).
To solve the problem, simulation modeling based on the principles of queuing systems (QS) was applied. This method makes it possible to obtain the main characteristics of an ISS against UA with an unlimited amount of buffer memory (BM). Models, an algorithm and a methodology are proposed for developing an ISS against UA, which is treated as a single-phase multi-channel QS with an unlimited volume of BM. The simulation results were obtained in the GPSS World modeling system, and the main characteristics of the ISS were compared for various distribution laws of the output parameters. UA requests formed simplest (Poisson) flows, and the service time followed exponential, constant and Erlang distribution laws.
Experiments based on the proposed models and algorithm for analyzing the characteristics of the ISS against UA, treated as a single-phase multi-channel QS with unlimited waiting time for requests in the queue, confirmed the expected results. The results can be used to build new ISS or modify existing ones in corporate networks that serve facilities of various purposes. This work is one approach to generalizing the problems under consideration for systems with an unlimited volume of BM. Prospects for further research include developing the principles of hardware and software implementation of ISS in service networks.
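The queuing model described in the abstract can be sketched as a short discrete-event simulation. This is an added example in Python, not the authors' GPSS World model; the arrival rate, mean service time, number of channels and the Erlang order are assumptions, since the abstract gives no numeric values.

```python
import heapq
import math
import random

# Assumed parameters (the abstract gives no numbers): arrival rate of UA
# requests, mean service time of one PM channel, number of channels.
LAM, MEAN_SERVICE, CHANNELS = 4.0, 0.5, 3

# Service-time laws named in the abstract; Erlang order 2 is an assumption.
SERVICE_LAWS = {
    "exponential": lambda rng: rng.expovariate(1 / MEAN_SERVICE),
    "constant": lambda rng: MEAN_SERVICE,
    "erlang-2": lambda rng: rng.gammavariate(2, MEAN_SERVICE / 2),
}

def simulate(service, n=200_000, seed=1):
    """FCFS multi-channel QS with unlimited BM: (mean wait, P(request waits))."""
    rng = random.Random(seed)
    free_at = [0.0] * CHANNELS          # min-heap: when each channel goes idle
    t = total_wait = 0.0
    delayed = 0
    for _ in range(n):
        t += rng.expovariate(LAM)       # simplest (Poisson) arrival flow
        start = max(t, heapq.heappop(free_at))  # earliest free channel
        total_wait += start - t         # unlimited buffer: nothing is dropped
        delayed += start > t
        heapq.heappush(free_at, start + service(rng))
    return total_wait / n, delayed / n

def erlang_c(lam=LAM, mu=1 / MEAN_SERVICE, c=CHANNELS):
    """Analytic (mean wait, P(wait)) for M/M/c, a check on the exponential run."""
    a = lam / mu
    tail = a**c / (math.factorial(c) * (1 - a / c))
    p_wait = tail / (sum(a**k / math.factorial(k) for k in range(c)) + tail)
    return p_wait / (c * mu - lam), p_wait

def compare():
    """Run the same arrival flow against each service-time law."""
    return {name: simulate(law) for name, law in SERVICE_LAWS.items()}

if __name__ == "__main__":
    for name, (wq, pw) in compare().items():
        print(f"{name:12s} mean wait={wq:.3f}  P(wait)={pw:.3f}")
    print("M/M/c theory mean wait=%.3f  P(wait)=%.3f" % erlang_c())
```

With the mean service time held equal, the less variable service laws (constant, then Erlang) give shorter queues than the exponential law, and the exponential run can be checked against the Erlang C formula.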
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Copyright (c) 2024 Vagif Gasimov, Balami Ismailov