Analysis of Features and Prospects of Application of Dynamic Iterative Assessment of Information Security Risks

Berestov, Denis and Kurchenko, Oleg and Shcheblanin, Yuri and Korshun, Natalia and Опришко, Тетяна Сергіївна (2021) Analysis of Features and Prospects of Application of Dynamic Iterative Assessment of Information Security Risks. CEUR Workshop Proceedings, Workshop on Cybersecurity Providing in Information and Telecommunication Systems (2923). pp. 329-335. ISSN 16130073



The article is devoted to an approach to information security risk analysis. The factors influencing the risk analysis process are defined. In such a task there is always prior probabilistic information about the realization of threats, which may change after new expert assessments are received or as a result of observing relevant events. One way of revising the relative acceptability of probabilistic models is the Bayesian approach, the essence of which is that degrees of trust in the possible probabilistic models for obtaining data are considered. After the information has been received, the probabilities are re-evaluated. In the analysis of information security risks, probabilistic models of the studied systems are used. The probability space of events in the field of information security is determined, and a probability measure is set on that space by one method or another. An artificial neural network can be used to solve this problem. As an alternative to the Bayesian approach, the maximum likelihood method, which is used in the statistical estimation of distribution parameters, can be considered. The Bayesian approach has advantages, since many properties of estimates obtained using the likelihood ratio do not hold when the sample size is small. Applying the Bayesian approach also helps to address the question of mathematical methods for assessing the prior values that the parameters of information security risk can take. When a large amount of statistics is available, a wrong choice of prior probability distribution will not significantly affect the posterior one. In the absence of such data, it is expedient to choose a distribution that minimally affects the posterior distribution. The probability of realization of information security threats that exploit relevant vulnerabilities is estimated using a Bayesian network.

Item Type: Article
Uncontrolled Keywords: Bayesian approach; Information system model; Neural network; Prognostication; Risk; Vulnerability
Subjects: Articles in scientometric databases > Scopus
Divisions: Library
Faculty of Information Technology and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Тамара Ростовцева
Date Deposited: 20 Aug 2021 10:31
Last Modified: 08 Apr 2022 17:30
