A linguistic model for assessing information system risks

Authors

  • Владимир Олегович Шапорин Odessa National Polytechnic University, Av. Shevchenko, 1, Odessa, Ukraine, 65044 https://orcid.org/0000-0001-6494-7648
  • Петр Металинович Тишин Odessa National Polytechnic University, 1 Shevchenko ave., Odessa, Ukraine, 65044
  • Руслан Олегович Шапорин Odessa National Polytechnic University, 1 Shevchenko ave., Odessa, Ukraine, 65044 https://orcid.org/0000-0003-4407-2367
  • Николай Борисович Копытчук Odessa National Polytechnic University, 1 Shevchenko ave., Odessa, Ukraine, 65044

DOI:

https://doi.org/10.15587/1729-4061.2015.48239

Keywords:

CORAS methodology, asset, risk, fuzzy knowledge bases, linguistic variables

Abstract

Modern trends in the development of information systems require more appropriate ways of providing information security. The most important step in devising complex information protection is to analyze the risks in the target information system.

The study has revealed that the existing methods have several disadvantages, such as the absence of facts testifying to uncertain security threats and the use of probabilistic approaches that do not account for the complexity of the processes occurring in the system.

Given these difficulties and shortcomings, the authors suggest that risks be analyzed using the theory of fuzzy sets and linguistic variables. The approach includes the development of fuzzy models that make it possible to assess risks as probable or emerging and to evaluate whether the information system assets are satisfactory.

The suggested approach can help analyze the risks of an information system using natural language that any owner of the assets can understand; it adds experience in security design.

Author Biographies

Владимир Олегович Шапорин, Odessa National Polytechnic University, Av. Shevchenko, 1, Odessa, Ukraine, 65044

Senior Lecturer

Department of Computer intellectual systems and networks

Петр Металинович Тишин, Odessa National Polytechnic University, 1 Shevchenko ave., Odessa, Ukraine, 65044

Candidate of Physical and Mathematical Sciences

Department of Computer intellectual systems and networks

Руслан Олегович Шапорин, Odessa National Polytechnic University, 1 Shevchenko ave., Odessa, Ukraine, 65044

Candidate of Technical Sciences

Department of Computer intellectual systems and networks

Николай Борисович Копытчук, Odessa National Polytechnic University, 1 Shevchenko ave., Odessa, Ukraine, 65044

Doctor of Technical Sciences

Department of Computer intellectual systems and networks

Published

2015-08-25

How to Cite

Шапорин, В. О., Тишин, П. М., Шапорин, Р. О., & Копытчук, Н. Б. (2015). A linguistic model for assessing information system risks. Eastern-European Journal of Enterprise Technologies, 4(2(76)), 30–35. https://doi.org/10.15587/1729-4061.2015.48239