Fuzzy simulation of integrity break risks of project documents
DOI: 10.31673/2412-4338.2021.042027
Abstract
Risk simulation and management in accordance with international standards form the basis for building an enterprise's information security policy. An overview of the current state of development in this area, the increased relevance of cybersecurity tasks and the corresponding increase in costs indicate the need to develop new approaches to measuring information security risks. One possible area of research is the simulation of project security risks, since project activities are inherent in enterprises of many industries, including IT companies, construction companies and others. This article considers the information security of a project on the basis of its formal representation as a set of documents and operations on them. During the processing of each document, which generally includes its creation, storage, editing and transmission, there are risks of a breach of its confidentiality, integrity or availability. The vagueness and incompleteness of information about the characteristics of document information security risks necessitate the use of fuzzy logic to formalize them. This paper proposes a model, based on the mathematical apparatus of fuzzy logic, for assessing the possibility of a violation of the integrity of project documents and the damage from such a violation. The developed model has a generalized structure, as it is based on the formalization of the set of project documents and the operations performed on them using certain information systems and personnel. To assess the damage from the realization of a threat to document integrity, the analytic hierarchy process is proposed, applied on the basis of a tree of criteria. The developed model can be used in the creation of specialized information systems for project risk assessment and for managing information security in enterprises whose activities are of a project nature.
Keywords: information security risk, project risk assessment, fuzzy logic, risk of integrity breach.