Finding the optimal way to build an information security system based on Markov chains

Objective. The study examined the main aspects of building an information security system from the point of view of optimizing the resources spent and funds to ensure information security. Method. In this subject area, the possibilities of structural-parametric models and Markov chains for identifying the optimal line for constructing a multi-level information security system are considered. Practice shows that the construction and implementation of a multi-level information security system reduces the possibility for an attacker of compromise and unauthorized access to protected information. Result. An analysis of the functionality of the constructed models was carried out as a means of finding the optimal way to build an information security system. An assessment of information security risks was carried out at the most vulnerable points in the information security processes. An approach to building a multi-level information security system using the functionality of structural-parametric models and Markov chains has been developed and proposed. A pattern has been formulated that makes it possible to determine the correctness of the constructed information security system based on the analysis and assessment of information security risks at the most vulnerable points of a multi-level information security system, in the process of transition from one state to another. Conclusion. Ensuring information security using mathematical modeling methods is a relevant and valuable tool based on the dynamism of threats and their uncertainty at different periods of time. The development, testing and implementation of new approaches based on modeling allows us to predict and prevent the most likely actions and steps of an attacker, thereby reducing the level of risk and possible damage to protected information resources and systems.

1. Dombrovskaya L. A., Yakovleva N. A., Stakhno R. E. Modern approaches to information protection, methods, means and tools of protection. Science, technology and education. 2016; 4 (22):16-19. (In Russ)

2. Ponomarev K. G., Koshelev S. O. Construction of an information security system for the state information system. Modern technologies: current issues, achievements and innovations. 2020;35-38. (In Russ)

3. Prokushev Ya. E., Ponomarenko S. V., Shishov N. V. Modeling processes for designing information security systems in critical information infrastructures. Computational nanotechnology. 2022;9(2): 45-55. (In Russ)

4. Modeling processes and information security systems [Text]: textbook / E. V. Stelmashonok, V. L. Stelmashonok; Ministry of Education and Science of the Russian Federation, Federal State Budgetary Educational Institution of Higher Education "St. Petersburg State Economic University", Department of Computer Systems and Programming. - St. Petersburg: Publishing house of the St. Petersburg State. Economic University, 2017; 75. (In Russ)

5. Ovchinnikov A.I. et al. Mathematical model of the optimal choice of means of protection against threats to the security of an enterprise computer network. Bulletin of the Moscow State Technical University. NE Bauman. Series "Instrument making". 2007;3:115-121. (In Russ)

6. Lipatnikov V. A., Parfirov V. A. Structural-parametric method of protecting a special-purpose information and telecommunication network in conditions of information conflict. Control, communication and security systems. 2023;4:105-156. (In Russ)

7. Menshikh V.V., Chirkova N.E. Construction of a structural-parametric model of a heterogeneous security system using metagraph theory. Bulletin of the Voronezh Institute of the Ministry of Internal Affairs of Russia. 2021; 1: 54-61. (In Russ)

8. Kasenov A. A. et al. Markov model for optimizing information security tools. Dynamics of systems, mechanisms and machines. 2019;7( 4): 77-84. (In Russ)

9. Shcheglov K. A., Shcheglov A. Yu. Markov models of threats to the security of an information system. News of higher educational institutions. Instrumentation. 2015; 58(12): 957-965. (In Russ)

10. GOST R ISO 22301-2021 Reliability in technology. Business continuity management systems. Requirements. (In Russ)

11. GOST R ISO/IEC 27001-2021 Information technology. Methods and means of ensuring security. Information security management systems. Requirements; (In Russ)

12. Solovyov S.V. et al. State and prospects for the development of methodological support for technical information protection in information systems. Issues of cybersecurity. 2023; 1: 41-57. (In Russ)

13. Makarova D. G., Starikova A. A., Taratynova U. V. Construction of an information protection system for the state information system using international standards. Interexpo Geo-Siberia. 2017; 8: 226-230. (In Russ)

14. Kozharsky Yu. A., Maseev D. D. Features of constructing a system for ensuring information security at an enterprise. National Science. 2023;1(6): 25-32. (In Russ)

15. Modeling of information security processes and systems. AnyLogic [Text]: tutorial / A. V. Shaburova, V. A. Selifanov, V. V. Selifanov, P. A. Zvyagintseva, Yu. A. Isaeva, A. S. Goldobina, A. V. Selifanov. – Novosibirsk: SGUGiT, 2020;70. (In Russ)