Management of information protection based on the integrated implementation of decision support systems

Authors

DOI:

https://doi.org/10.15587/1729-4061.2017.111081

Keywords:

cyber security, object of informatization, decision support system, expert assessment, Delphi method

Abstract

We developed the method and the model for managing protection of objects of informatization, based on the integrated implementation of decision support systems for the tasks on cybersecurity. The proposed solutions differ from the existing ones by the possibility to automate the procedure of generating variants for controlling actions using the decision support system, designed as a web application. The described model for the coordination of experts' opinions is based on the Delphi method. The approach proposed makes it possible to coordinate expert opinions, including to take into account different interval estimates of the degree of protection and information security metrics of the objects of informatization.

Results are presented of testing under actual conditions at the enterprises of Ukraine the software complex "Decision support system for managing cyber security of an enterprise ‒ DMSSCSE". The DSS is adapted for the on-line work of experts. It was established that the DSS "DMSSCSE" makes it possible to improve effectiveness of the applied organizational and technical measures to protect objects of informatization. The proposed solutions enabled bringing down the cost of organizing comprehensive information protection systems by 12−15 % compared to the existing methods

Author Biographies

Valeriy Lakhno, European University Akademika Vernadskoho blvd., 16 V, Kyiv, Ukraine, 03115

Doctor of Technical Science, Associate Professor

Department of Managing Information Security

Valeriy Kozlovskii, National Aviation University Kosmonavta Komarova ave., 1, Kyiv, Ukraine, 03058

Doctor of Technical Sciences, Professor

Department of technical information security tools 

Yuliia Boiko, National Aviation University Kosmonavta Komarova ave., 1, Kyiv, Ukraine, 03058

Phd, Associate Professor

Department of Information Technology Security 

Andrii Mishchenko, National Aviation University Kosmonavta Komarova ave., 1, Kyiv, Ukraine, 03058

Doctor of Technical Science, Professor

Department of information security protection

Ivan Opirskyy, Lviv Polytechnic National University Stepana Bandery str., 12, Lviv, Ukraine, 79013

PhD, Associate Professor

Department of Information Security

References

  1. Radziwill, M., M. C. Benton (2017). Cybersecurity Cost of Quality: Managing the Costs of Cybersecurity Risk Management. arXiv. Available at: https://arxiv.org/ftp/arxiv/papers/1707/1707.02653.pdf
  2. Jalali, M. S., Siegel, M., Madnick, S. (2017). Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment. arXiv. Available at: https://arxiv.org/ftp/arxiv/papers/1707/1707.01031.pdf
  3. Gordon, L. A., Loeb, M. P., Zhou, L. (2016). Investing in Cybersecurity: Insights from the Gordon-Loeb Model. Journal of Information Security, 07 (02), 49–59. doi: 10.4236/jis.2016.72004
  4. Akhmetov, B., Lakhno, V., Boiko, Y., Mishchenko, A. (2017). Designing a decision support system for the weakly formalized problems in the provision of cybersecurity. Eastern-European Journal of Enterprise Technologies, 1 (2 (85)), 4–15. doi: 10.15587/1729-4061.2017.90506
  5. Kim, K., Kim, I., Lim, J. (2016). National cyber security enhancement scheme for intelligent surveillance capacity with public IoT environment. The Journal of Supercomputing, 73 (3), 1140–1151. doi: 10.1007/s11227-016-1855-z
  6. Li, S., Xu, L. D. (2017). Securing the Internet of Things. Syngress, 154.
  7. Rees, L. P., Deane, J. K., Rakes, T. R., Baker, W. H. (2011). Decision support for Cybersecurity risk planning. Decision Support Systems, 51 (3), 493–505. doi: 10.1016/j.dss.2011.02.013
  8. Chang, L.-Y., Lee, Z.-J. (2013). Applying fuzzy expert system to information security risk Assessment – A case study on an attendance system. 2013 International Conference on Fuzzy Theory and Its Applications (iFUZZY). doi: 10.1109/ifuzzy.2013.6825462
  9. Medhat, K., Ramadan, R. A., Talkhan, I. (2017). Security in Mission Critical Communication Systems. Advances in Wireless Technologies and Telecommunication, 270–291. doi: 10.4018/978-1-5225-2113-6.ch012
  10. Mai, B., Parsons, T., Prybutok, V., Namuduri, K. (2016). Neuroscience Foundations for Human Decision Making in Information Security: A General Framework and Experiment Design. Lecture Notes in Information Systems and Organisation, 91–98. doi: 10.1007/978-3-319-41402-7_12
  11. Elnajjar, A. E. A., Naser, S. S. A. (2017). DES-Tutor: An Intelligent Tutoring System for Teaching DES Information Security Algorithm. International Journal of Advanced Research and Development, 2 (1), 69–73.
  12. Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86, 13–23. doi: 10.1016/j.dss.2016.02.012
  13. Farhangi, H. (2016). Cyber-Security Vulnerabilities: An Impediment Against Further Development of Smart Grid. Power Systems, 77–93. doi: 10.1007/978-3-319-28077-6_6
  14. Lakhno, V., Tkach, Y., Petrenko, T., Zaitsev, S., Bazylevych, V. (2016). Development of adaptive expert system of information security using a procedure of clustering the attributes of anomalies and cyber attacks. Eastern-European Journal of Enterprise Technologies, 6 (9 (84)), 32–44. doi: 10.15587/1729-4061.2016.85600
  15. Goztepe, K. (2012). Designing Fuzzy Rule Based Expert System for Cyber Security. International Journal of Information Security Science, 1 (1), 13–19.
  16. Garae, J., Ko, R. K. L. (2017). Visualization and Data Provenance Trends in Decision Support for Cybersecurity. Data Analytics, 243–270. doi: 10.1007/978-3-319-59439-2_9
  17. Lakhno, V., Boiko, Y., Mishchenko, A., Kozlovskii, V., Pupchenko, O. (2017). Development of the intelligent decision-making support system to manage cyber protection at the object of informatization. Eastern-European Journal of Enterprise Technologies, 2 (9 (86)), 53–61. doi: 10.15587/1729-4061.2017.96662
  18. Page, J., Kaur, M., Waters, E. (2017). Directors’ liability survey: Cyber attacks and data loss–a growing concern. Journal of Data Protection & Privacy, 1 (2), 173–182.
  19. Guo, J., Wang, Y., Guo, C., Dong, S., Wen, B. (2016). Cyber-Physical Power System (CPPS) reliability assessment considering cyber attacks against monitoring functions. 2016 IEEE Power and Energy Society General Meeting (PESGM). doi: 10.1109/pesgm.2016.7741899
  20. Krishnan, G. S. S., Anitha, R., Lekshmi, R. S., Kumar, M. S., Bonato, A., Graña, M. (Eds.) (2014). Computational Intelligence, Cyber Security and Computational Models. Springer Science & Business Media, 416. doi: 10.1007/978-81-322-1680-3
  21. Liu, X., Li, Z. (2017). Trilevel modeling of cyber attacks on transmission lines. IEEE Transactions on Smart Grid, 8 (2), 720–729. doi: 10.1109/tsg.2015.2475701
  22. Nugraha, Y., Brown, I., Sastrosubroto, A. S. (2016). An Adaptive Wideband Delphi Method to Study State Cyber-Defence Requirements. IEEE Transactions on Emerging Topics in Computing, 4 (1), 47–59. doi: 10.1109/tetc.2015.2389661
  23. Johnson, A. M. (2009). Business and Security Executives Views of Information Security Investment Drivers: Results from a Delphi Study. Journal of Information Privacy and Security, 5 (1), 3–27. doi: 10.1080/15536548.2009.10855855
  24. Pruitt-Mentle, D. (2011). A Delphi Study of Research Priorities in Cyberawareness. Educational Technology Policy, Research and Outreach-CyberWatch. Available at: http://www.c3schools.org/etpro/Documents/2011/CISSE/Delphi_study_CISSE_2011_short_paper.pdf
  25. Savola, R. M. (2007). Towards a taxonomy for information security metrics. Proceedings of the 2007 ACM workshop on Quality of protection – QoP '07, 28–30. doi: 10.1145/1314257.1314266
  26. Rostami, M., Koushanfar, F., Karri, R. (2014). A Primer on Hardware Security: Models, Methods, and Metrics. Proceedings of the IEEE, 102 (8), 1283–1295. doi: 10.1109/jproc.2014.2335155
  27. Aggarwal, P., Gonzalez, C., Dutt, V. (2016). Cyber-Security: Role of Deception in Cyber-Attack Detection. Advances in Human Factors in Cybersecurity, 85–96. doi: 10.1007/978-3-319-41932-9_8
  28. Dang, Y., Wang, B., Brant, R., Zhang, Z., Alqallaf, M., Wu, Z. (2017). Anomaly Detection for Data Streams in Large-Scale Distributed Heterogeneous Computing Environments. ICMLG2017 5th International Conference on Management Leadership and Governance, 121.
  29. Ben-Asher, N., Gonzalez, C. (2015). Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, 51–61. doi: 10.1016/j.chb.2015.01.039
  30. Liang, G., Weller, S. R., Zhao, J., Luo, F., Dong, Z. Y. (2017). The 2015 Ukraine Blackout: Implications for False Data Injection Attacks. IEEE Transactions on Power Systems, 32 (4), 3317–3318. doi: 10.1109/tpwrs.2016.2631891

Downloads

Published

2017-10-19

How to Cite

Lakhno, V., Kozlovskii, V., Boiko, Y., Mishchenko, A., & Opirskyy, I. (2017). Management of information protection based on the integrated implementation of decision support systems. Eastern-European Journal of Enterprise Technologies, 5(9 (89), 36–42. https://doi.org/10.15587/1729-4061.2017.111081

Issue

Vol. 5 No. 9 (89) (2017): Information and controlling system

Section

Information and controlling system

License

Copyright (c) 2017 Valeriy Lakhno, Valeriy Kozlovskii, Yuliia Boiko, Andrii Mishchenko, Ivan Opirskyy

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.