Comparison of explicit and fuzzy approaches to the solution of information security problems
Abstract
A comparison of explicit and fuzzy approaches to identify their similarities and differences is carried out. In the problem of distribution of resources of information protection the principles of the formation of the membership functions to the fuzzy sets and their effect on the final results are analyzed. It is shown that the fuzzy approach gives the possibility to optimize the indicators of the system of information security through a rational choice of the membership functions, which reflect the basic characteristic of the objects - their dynamic vulnerability. Through the example of the system of two objects with different vulnerabilities the conditions under which the highest level of results coincidence is achieved using two approaches are established. The technique can be used when calculating the eligible costs of information systems with an arbitrary number of objects that have different volume of the placed information, vulnerability and level of acceptable losses. The ways of further application of the method in problems of information security are identified.References
Zadeh L.A. Fuzzy sets // Information and Control. — 1965. — № 8. — P. 338–353.
Bellman R.E., Zadeh L.A. Decision-making in a fuzzy environment // Management Science. — 1970. — 17, № 4. — P. 141–164.
Кравченко В.І., Левченко Є.Г. Використання теорії нечітких множин для визначення витрат на захист інформації // НТЖ "Захист інформації". — 2011. — № 1(50). — С. 85–90.
Левченко Є.Г., Рабчун А.О. Оптимізаційні задачі менеджменту інформаційної безпеки // НТЖ «Сучасний захист інформації». — 2010. — № 1. — С. 16–23.
Gordon L.A., Loeb M.P. Return on Information Security Investments: Myths vs. Reality // Strategic Finance. — 2002. — November. — P. 26–31.
Gordon L.A., Loeb M.P. The Economics of Information Security Investment, ACM Transactions on Information and System Security. — 2002. — 5, № 4, November. — P. 438–457.
Левченко Є.Г., Демчишин М.В., Рабчун А.О. Математичні моделі економічного менеджменту інформаційної безпеки // Системні дослідження та інформаційні технології. — 2011. — № 4. — С. 88–96.
