2. Home
  3. ARCHIVE
  4. 2024
  5. VOL 46, NO 4 (2024)
  6. pp. 03-18

RISK-ORIENTED MODEL OF THE OBJECT OF CRITICAL INFORMATION INFRASTRUCTURE BASED ON THE TOPOLOGY OF EXTERNAL CONNECTIONS

L.V. Kovalchuk, H.V. Nelasa

Èlektron. model. 2024, 46(4):03-18

https://doi.org/10.15407/emodel.46.04.003

ABSTRACT

The article considers the problem of reducing the losses caused by the implementation of threats to the topology of connections. Threats considered may relate to the integrity, confidentiality and availability of the information transmitted by the corresponding connection. At the same time, it is assumed that the amount of total funding allocated to protect against these threats is limited to a certain amount. This amount should be divided into parts, each of which will correspond to the financing of protection against a certain threat. A corresponding mathematical model was created to solve this problem. In this model, we make the reasonable assumption that the more funding is provided to protect against a threat, the less is the probability of its occuring. With this assumption, the problem is reduced to an optimization problem, which, generally speaking, cannot be solved by analytical methods. But for a small number of variables (up to 100 variables), this problem can be solved numerically using the tools of the Mathematica package. The article also provides the program code that implements the solution of this problem, and numerical examples of its solution using this code.

KEYWORDS

connection topology, risk management, optimization problem.

REFERENCES

  1. Drahuntsov, R., & Zubok, V. (2023). Modeling of cyber threats related to massive power outages and summary of potential countermeasures. Electronic Modeling, 45(3), 116-
    https://doi.org/10.15407/emodel.45.03.116
  2. Zubok, V., Davydiuk, A., & Klymenko, T. (2023). Electronic Cybersecurity of critical infrastructure in Ukrainian legislation and in directive (EU) 2022/2555. Electronic Modeling, 45(5), 54-
    https://doi.org/10.15407/emodel.45.05.054
  3. Zubok, V., & Mokhor, V. (2022) Cybersecurity of Internet topology: monograph / IPME named after H.E. Pukhov. https://zenodo.org/records/6795229
  4. Alsafwani, N., Fazea, Y., & Alnajjar, F. (2024). Strategic Approaches in Network Communication and Information Security Risk Assessment. Information, 15(6:353). 
    https://doi.org/10.3390/info15060353
  5. Roukny, T., Bersini, H., Pirotte, H., Caldarelli, G., & Battiston, S. (2013). Default Cascades in Complex Networks: Topology and Systemic Risk. Scientific reports, 3, 2759.
    https://doi.org/10.1038/srep02759
  6. Kitsak, M., Ganin, A., Elmokashfi, A., Cui, H., Eisenberg, D.A., Alderson, D.L., Korkin, D., & Linkov, I. (2023). Finding shortest and nearly shortest path nodes in large substantially incomplete networks by hyperbolic mapping. Nature Communications, 14, 186. 
    https://doi.org/10.1038/s41467-022-35181-w
  7. Barraza de la Paz, J.V., Rodríguez-Picón, L.A., Morales-Rocha, V., & Torres-Argüelle, S.V. (2023). A Systematic Review of Risk Management Methodologies for Complex Organizations in Industry 4.0 and 5.0. Systems, 11(5), 218. 
    https://doi.org/10.3390/systems11050218
  8. Cheimonidis, P., & Rantos, K. (2023). Dynamic Risk Assessment in Cybersecurity: A Systematic Literature Review. Future Internet, 15(10), 324. 
    https://doi.org/10.3390/fi15100324
  9. Jeong, G., Kim, K., Yoon, S., Shin, D., & Kang, J. (2023). Exploring Effective Approaches to the Risk Management Framework (RMF) in the Republic of Korea: A Study. Information, 14 (10), 561. 
    https://doi.org/10.3390/info14100561
  10. Kryvyi, S., Pogorely, S., Glibovets, N., Boyko, Yu., & Sidorova, N. (2018).  IT infrastructure design. Cybernetics and system analysis, 54(6), 141-158. 
    https://doi.org/10.1007/s10559-018-0101-5

Full text: PDF