EXPERIMENTAL EVALUATION OF THE OPERATIONAL CHARACTERISTICS OF INFORMATION PROTECTION SYSTEMS

Objective. The article is devoted to solving the practical problem of evaluating the operational indicator of the quality characteristics of the information security system usability.

Methods. Evaluation of the operational characteristics of software systems can be performed theoretically and by measurement. Since the theoretical  assessment of operational characteristics has some disadvantages and  limitations, an experimental assessment is advisable. Simultaneously, it is  advisable to use the "Complexity" indicator of a typical operation performed by a security administrator, which expresses the average time of its  execution as the primary indicator of the quality of the functioning of the information security system usability. Measurement evaluation of the  operational characteristics of the information security system was carried out using the eye and mouse movement tracking methods.

Results. The article provides an assessment of the "Complexity" indicator of all typical operations performed by the security administrator during the  Sentinel NT 3.0 ISS operation following the program documentation.

Conclusion. The obtained values of the "Complexity" indicator can be used in the formation of a work plan for the operation and maintenance of  protected automated systems, in particular, with the installed information security system, when evaluating the timeliness of the performance of the  listed works, as well as when justifying the structure of the units responsible  for information protection and their quantity.  

1. Kadnova A.M. Algoritm sozdaniya avtomatizirovannykh sistem v zashchishchennom ispolnenii / A.M. Kadnova, O.YU. Makarov, S.A. Mishin, Ye.A. Rogozin // Bezopasnost' informatsionnykh tekhnologiy. 2019. T. 26. № 4. S. 93–100. [Kadnova A.M. Algorithm for the creation of automated systems in a secure execution / A.M. Kadnova, O.Yu. Makarov, S.A. Mishin, E.A. Rogozin // Security of information technology. 2019. Vol. 26. No. 4. pp. 93–100.

2. Ob utverzhdenii trebovaniy k obespecheniyu zashchity informatsii v avtomatizirovannykh sistemakh upravleniya proizvodstvennymi i tekhnologicheskimi protsessami na kriticheski vazhnykh ob"yektakh, potentsial'no opasnykh ob"yektakh, a takzhe ob"yektakh, predstavlyayushchikh povyshennuyu opasnost' dlya zhizni i zdorov'ya lyudey i dlya okruzhayushchey prirodnoy sredy : prikaz ot 14 marta 2014 g. № 31 [Elektronnyy resurs]. URL: https://fstec.ru/index?id=868:prikaz-fstek-rossii-ot-14-marta-2014-g-n-31 On approval of requirements for information protection in automated control systems for production and technological processes at critical facilities, potentially hazardous facilities, as well as facilities that pose an increased danger to human life and health and the environment: order of March 14, 2014 No. 31 [Electronic resource]. URL: https://fstec.ru/index?id=868:prikaz–fstek–rossii–ot–14–marta–2014–g–n–31

3. Sistema zashchity informatsii «Strazh NT». Rukovodstvo administratora [Elektronnyy resurs]. – URL: http://www.guardnt.ru/download/doc/admin_guide_nt_3_0.pdf. [Information security system «Guard NT». Administrator Guide [Electronic resource]. URL: http: //www.guardnt.ru/download/doc/admin_guide_nt_3_0.pdf.

4. Sistema zashchity informatsii «Strazh NT». Rukovodstvo pol'zovatelya [Elektronnyy resurs]. – URL: http://www.guardnt.ru/download/doc/admin_guide_nt_3_0.pdf. [The information security system «Guard NT». User Guide [Electronic resource]. URL: http://www.guardnt.ru/download/doc/admin_guide_nt_3_0.pdf.

5. Dovgulya M.M. Opoveshcheniye administratora informatsionnoy bezopasnosti o narusheniyakh v rabote korporativnoy seti / M.M. Dovgulya, R.V. Meshcheryakov // Nauchnaya sessiya TUSUR. 2005 : sb. nauch. tr. Tomsk, 2005. S. 96–97. [Dovgulya M.M. Alert of the information security administrator about violations in the work of the corporate network / M.M. Dovgul, R.V. Meshcheryakov // Scientific session TUSUR – 2005: Sat. Scientific tr. Tomsk, 2005. pp. 96–97.

6. Yaremchuk S. Zashchitnik seti / S. Yaremchuk // Sistemnyy administrator. 2003. № 11(12). S. 56–60. [Yaremchuk S. Defender of the network / S. Yaremchuk // System Administrator. 2003. No. 11 (12). pp. 56–60.

7. Bormotov S.V. Sistemnoye administrirovaniye na 100% : monografiya / S.V. Bormotov. Sankt-Peterburg : Piter, 2006. 256 s. [Bormotov S.V. 100% system administration: monograph / S.V. Bormotov. St. Petersburg: Peter, 2006. 256 p.

8. Khvostov V.A. Metody i sredstva povysheniya zashchishchennosti avtomatizirovannykh sistem : monografiya / V.A. Khvostov [i dr.]. Voronezh: Voronezhskiy institut MVD Rossii, 2013. 108 s. [Khvostov V.A. Methods and means of increasing the security of automated systems: monograph / V.A. Tails [et al.]. – Voronezh: Voronezh Institute of the Ministry of Internal Affairs of Russia, 2013. 108 p.

9. Kadnova A.M. Sposob otsenki operatsionnykh kharakteristik sistem zashchity informatsii ot nesanktsionirovannogo dostupa na osnove / A.M. Kadnova, O.I. Bokova, Ye.A. Rogozin, N.S. Khokhlov, O.YU. Makarov // Aktual'nyye problemy prikladnoy matematiki, informatiki i mekhaniki : sb. nauch. tr. Voronezh, 2020. S. 656–659. [Kadnova A.M. A method for assessing the operational characteristics of information security systems against unauthorized access based on / A.M. Kadnova, O.I. Bokova, E.A. Rogozin, N.S. Khokhlov, O.Yu. Makarov // Actual problems of applied mathematics, computer science and mechanics: collection of articles. Scientific tr. Voronezh, 2020. pp. 656–659.

10. Kadnova A.M. K voprosu o reshenii nauchnoy zadachi kolichestvennoy otsenki ergatotekhnicheskikh kharakteristik sistem zashchity informatsii ot nesanktsionirovannogo dostupa v avtomatizirovannykh sistemakh OVD / A.M. Kadnova, Ye.A. Rogozin // Obshchestvennaya bezopasnost', zakonnost' i pravoporyadok v III tysyacheletii. 2019. № 5–2. S. 307–310. [Kadnova A.M. On the issue of solving the scientific problem of quantifying the ergatotechnical characteristics of information protection systems against unauthorized access in automated ATS systems / А.М. Kadnova, E.A. Rogozin // Public safety, law and order in the III millennium. 2019. No. 5–2. pp. 307–310.

11. Skrypnikov A.V. Normirovaniye trebovaniy k kharakteristikam programmnykh sistem zashchity informatsii / A.V. Skrypnikov, V.A. Khvostov, Ye.V. Chernyshova, V.V. Samtsov, M.A. Abasov // Vestnik Voronezhskogo gosudarstvennogo universiteta inzhenernykh tekhnologiy. 2018. T. 80. № 4(78). S. 96–110. [Skrypnikov A.V. Rationing requirements for the characteristics of software information protection systems / A.V. Skrypnikov, V.A. Khvostov, E.V. Chernyshova, V.V. Samtsov, M.A. Abasov // Bulletin of the Voronezh State University of Engineering Technologies. 2018. Vol. 80. No. 4 (78). pp. 96–110.

12. Korolev D.A. Ergonomika i yuzabiliti pol'zovatel'skogo interfeysa programmnogo obespecheniya: metodicheskoye posobiye / D.A. Korolev. Moskva: Moskovskiy gosudarstvennyy institut elektroniki i matematiki (tekhnicheskiy universitet), 2004. 214 s. [Korolev D.A. Ergonomics and usability of the software user interface: methodological manual / D.A. Korolev. Moscow: Moscow State Institute of Electronics and Mathematics (Technical University), 2004. 214 p.

13. Popov A.A. Ergonomika pol'zovatel'skikh interfeysov v informatsionnykh sistemakh : uchebnoye posobiye /A.A. Popova [i dr.]. Moskva: Rossiyskiy ekonomicheskiy universitet im. G.V. Plekhanova, 2012. 21 s. [Popov A.A. Ergonomics of user interfaces in information systems: a training manual / A.A. Popova [et al.]. Moscow: Russian University of Economics G.V. Plekhanova, 2012. 21 p.

14. Soukoreff R.W. Towards a standard for pointing device evaluation, perspectives on 27 years of Fitts ’law research / R.W. Soukoreff I.S. MacKenzie // Int. J. of Human–Computer Stud. 2004. Vol. 61 (6). pp. 751–789.

15. Gump A. Application of Fitts' law to individuals with cerebral palsy / A. Gump, M. LeGare, D.L. Hunt // Perceptual and motor skills. 2002. Vol. 94 (1). pp. 884–895.

16. Amazeen E.L. The effects of attention and handedness on coordination dynamics in a bimanual Fitts' law task / E.L. Amazeen, S.D. Ringenbach, P.G. Amazeen // Exper. brain research. 2005. Vol. 164 (4). R. 484–499.

17. Spirin I.A. Issledovaniye i primeneniye eye-tracking tekhnologii na cheloveke / I.A. Spirin // Molodoy uchenyy. 2016. №2. S. 227–230 [Spirin I.A. Research and application of eye–tracking technology in humans / I.A. Spirin // Young scientist. 2016. No. 2. S. 227–230.

18. Kadnova A.M. Metodicheskiy podkhod k otsenke veroyatnostnogo pokazatelya svoyevremennosti vypolneniya tipovykh operatsiy administratorom sistemy zashchity informatsii avtomatizirovannoy sistemy /A.M. Kadnova // Vestnik Dagestanskogo gosudarstvennogo tekhnicheskogo universiteta. 2019. T. 46. № 3. S. 87–96. 19. IOGraph [Elektronnyy resurs]. URL : https://iographica.com. [Kadnova A.M. Methodological approach to assessing the probability indicator of the timeliness of typical operations by the administrator of the information protection system of the automated system / A.M. Kadnova // Herald of the Daghestan State Technical University. 2019. Vol. 46. No. 3. рр. 87–96.

19. IOGrаph [Electronic resource]. URL: https://iographic.com.