Assessment of confidentiality risks of information security of projects based on fuzzy logic
DOI:10.31673/2412-4338.2021.0108895
Abstract
Risk assessment is one of the main components of enterprise information security management. This is especially true for critical infrastructure enterprises and their business partners, including construction companies. However, despite the currently skyrocketing costs of cybersecurity, measuring it remains an underdeveloped topic, so developing and agreeing on reliable ways to measure its risks and effectiveness is a relevant subject for research. In many industries, enterprise activity is project-based, so information security management must also be implemented within the framework of a project, which requires further research in this area. Because information about the components of information security is incomplete and vague, fuzzy logic is actively used in risk assessment models. The article proposes an approach for assessing the risk of violating the confidentiality of documents when solving information security problems of projects. The set of project documents is formalized as a generalized hierarchical structure, and the relationships between documents, the operations performed on them, and the information systems used during those operations are determined. Based on this formalized document structure, a fuzzy logic model has been developed for assessing the risk of violating the confidentiality of a document; the model takes into account the incompleteness and vagueness of the data. The results of the work can be used when making decisions on information security measures for projects at enterprises with project activities, including critical infrastructure enterprises, IT enterprises, construction companies and others. The proposed approaches can serve as a basis for developing information technologies that automate the assessment of information security risks of projects.
Keywords: information security risk, project risk assessment, fuzzy logic, confidentiality risk.