The correlation of expenses in multi-barrier information security systems
Abstract
Economic optimization problems of information security are aimed at addressing two major problems: determining the optimal amount of investment in information security, which provides the best economic performance and optimizing the resource allocation between objects. The transition to multilevel multi-barrier systems significantly expands the problem and raises a number of issues arising from the complexity of the structure and physical layout of individual items. We consider a series-parallel layout of obstacles, which contains common obstacles for all objects and individual obstacles. The feasibility of introducing of an additional obstacle at the constant information security budget, depending on vulnerabilities of obstacles and the information distribution between objects, was analyzed. The method was developed and the results of calculations of optimal allocation of resources between the common and individual barriers were presented. Conditions of correlation were considered between the optimal allocation of resources aimed at individual obstacles. The results may be useful in developing recommendations for the creation of optimal information security systems and the resources management.References
Gordon L.A., Loeb M.P. The Economics of Information Security Investment // ACM Transactions on Information and System Security. — 2002. — 5, № 4. — P. 438–457.
Zadiraka V.K., Oleksyuk O.S., Smolenyuk R.P., Shtabalyuk P.I. Finansuvannya vytrat na zakhyst informatsiyi v ekonomichniy diyal'nosti // Universytet·s'ki naukovi zapysky. — 2006. — # 3–4 (19–20). — S. 479–490.
Rabchun A.O. Optymizatsiya sumarnykh vtrat v sferi zakhystu informatsiyi // Bezpeka informatsiyi. — 2012. — # 1. — S. 32–36.
Levchenko Ye.H. Optymizatsiya rozpodilu resursiv mizh ob"yektamy zakhystu informatsiyi // NTZh "Zakhyst informatsiyi". — 2007. — # 1. — S. 33–38.
Prus R.B. Optymizatsiya rozpodilu resursiv zakhystu informatsiyi v dynamichnomu rezhymi // Bezpeka informatsiyi. — 2012. — # 1. — S. 26–32.
Demchyshyn M.V., Levchenko Ye.H. Optymizatsiya rozpodilu resursiv pry provedenni rozvidky v informatsiynomu protystoyanni // Systemni doslidzhennya ta informatsiyni tekhnolohiyi. — 2012. — # 4. — S. 56–63.
Levchenko Ye.H., Prus R.B., Rabchun A.O. Pokaznyky bahatostupinchastykh system zakhystu informatsiyi // Visnyk Inzhenernoyi akademiyi Ukrayiny. — 2009. — # 1. — S. 61–65.
Levchenko Ye.H., Rabchun A.O. Optymizatsiyni zadachi menedzhmentu informatsiynoyi bezpeky // Suchasnyy zakhyst informatsiyi. — 2010. — # 1. — S. 16–23.
Levchenko Ye.H., Prus R.B., Rabchun D.I. Pokaznyky produktyvnosti vytrat na zakhyst informatsiyi // Bezpeka informatsiyi. — 2012. — # 2. — S. 6–11.
Demchyshyn M.V., Levchenko Ye.H. Vplyv vrazlyvosti ob"yektiv na rozv"yazok pryamoyi ta zvorotnoyi zadach menedzhmentu informatsiynoyi bezpeky // Systemni doslidzhennya ta informatsiyni tekhnolohiyi. — 2012. — # 3. — S. 43–57.
Levchenko Ye.H., Demchyshyn M.V., Rabchun A.O. Matematychni modeli ekonomichnoho menedzhmentu informatsiynoyi bezpeky // Systemni doslidzhennya ta informatsiyni tekhnolohiyi. — 2011. — # 4. — S. 88–96.
Matsuura K. Productivity Space of Information Security in an Extension of the Gordon-Loeb's Investment Model // The Seventh Workshop on the Economics of Information Security. June 25–28, Hanover, USA. — 2008.
Lui W., Tanaka H., Matsuura K. Empirical – Analysis Methodology for Information – Security Investment and its Application to a Reliable Survey of Japanese Firms // Information Proceeding of Japan Digital Courier. — 2007. — 3. — Р. 585–599.