Development of a model for choosing strategies for investing in information security

DOI:

https://doi.org/10.15587/1729-4061.2021.228313

Keywords:

Smart City, optimal funding strategies, decision support, Python, Plotly library

Abstract

This paper proposes a model of the computational core for a decision support system (DSS) for investing in information security (IS) projects for objects of informatization (OBI), including those OBI that can be categorized as critically important. Unlike existing solutions, the proposed model addresses decision-making in the ongoing process of investment by a group of investors in projects that ensure the IS of OBI. The calculations were based on bilinear differential quality games with several terminal surfaces. Finding a solution to these games is a big challenge, because the Cauchy formula for bilinear systems with arbitrary strategies of players, including immeasurable functions, cannot be applied in such games. This gives grounds to continue research on finding solutions in the event of a conflict of multidimensional objects. The result was an analytical solution based on a new class of bilinear differential games. The solution describes the interaction of objects investing in OBI IS in multidimensional spaces. The modular software product "Cybersecurity Invest decision support system" (Ukraine) for the Windows platform is described. Applied aspects of visualizing the results of calculations obtained with the help of the DSS have also been considered. The Plotly library for the Python programming language was used to visualize the results. It has been shown that the model reported in this work can be transferred to other tasks related to the development of DSS for investing in high-risk projects, such as information technology, cybersecurity, banking, etc.

Author Biographies

Valeriy Lakhno, National University of Life and Environmental Sciences of Ukraine

Doctor of Technical Sciences, Professor

Department of Computer Systems and Networks

Volodimir Malyukov, National University of Life and Environmental Sciences of Ukraine

Doctor of Physical and Mathematical Sciences, Associate Professor

Department of Computer Systems and Networks

Berik Akhmetov, National Aviation University

PhD

Department of Information Technology Security

Dmytro Kasatkin, National University of Life and Environmental Sciences of Ukraine

PhD, Associate Professor

Department of Computer Systems and Networks

Liubov Plyska, National University of Life and Environmental Sciences of Ukraine

Postgraduate Student

Department of Computer Systems and Networks

Published

2021-04-30

How to Cite

Lakhno, V., Malyukov, V., Akhmetov, B., Kasatkin, D., & Plyska, L. (2021). Development of a model for choosing strategies for investing in information security. Eastern-European Journal of Enterprise Technologies, 2 (3 (110)), 43–51. https://doi.org/10.15587/1729-4061.2021.228313

Section

Control processes