Assessment of the maturity level of the information security monitoring center in the context of ensuring the sustainability of risk management

Assessment of the effectiveness of the security monitoring and management centers is an urgent task, the solution of which depends on both the reliability of the entire system and monitoring and forecasting. The purpose of the work is to conduct a systematic analysis of factors and metrics (indicators) affecting the maturity level of monitoring centers. This problem is realized by identifying control parameters and predicting (modeling) the stability of risk management of centers when servicing requests. In particular, the formation of an integral stability index is of interest. The hypotheses of the study are considered an acceptable "tolerance band," control stability, attack planning and vulnerability analysis, the need for situational modeling. Methods of system analysis and synthesis, modeling, probability theory, heuristic approach were used. The main results of the article: 1) analysis of the sustainability of information and economic security policies and classification of direct and indirect threats in the digital business ecosystem; 2) based on the analysis done, an adaptive scheme for modeling the risk stability of a corporate system and a formal optimization model for predicting sustainable protection (based on the cost of ensuring the required security measure) were proposed; 3) as practical applications, a probabilistic model of servicing requests in a distributed system (at a given intensity of "mixing" requests of intruders) and a heuristic procedure for assessing the level of stability monitoring are proposed. The work is developed in the direction of complication of models, their elasticity and "depth" of risk accounting.

1. Kaziev M.V., Medvedeva L.B., Tyutrin N.O., Khizbullin F.F., Takhumova V.O. Improvement and modeling of the company's activity based on the innovative KPI system. Journal of Fundamental and Applied Sciences. 2018;10(5S):1406–1415.

2. Veligodskiy S.S., Miloslavskaya N.G. Unified model of maturity of network security centers of information and telecommunication networks. Izvestiya YuFU. Tekhnicheskie nauki = Izvestiya SFedU. Engineering Sciences. 2023;(3):157–172. (In Russ.). https://doi.org/10.18522/2311-3103-2023-3-157-172

3. Maksimova E. Cognitive modeling of destructive malicious impacts on critical information infrastructure objects. Trudy uchebnykh zavedenii svyazi = Proceedings of Telecommunication Universities. 2020;6(4):91–103. (In Russ.). https://doi.org/10.31854/1813-324X-2020-6-4-91-103

4. Andryukhin E.V., Ridli M.K., Pravikov D.I. Prediction of faults and failures in distributed control systems based on time series forecasting models. Voprosy kiberbezopasnosti. 2019;(3):24–32. (In Russ.).

5. Skryl' S.V., Gaifulin V.V., Domrachev D.V., Sychev V.M., Gracheva Yu.V. Topical issues of the problem of assessment of threats of cyber attacks on information resources of significant facilities of critical information infrastructure. Bezopasnost' informatsionnykh tekhnologii = IT Security (Russia). 2021;28(1):84–94. (In Russ.). https://doi.org/10.26583/bit.2021.1.07

6. Gaskova D.A., Massel A.G. The technology of cyber threat analysis and risk assessment of cybersecurity violation of critical infrastructure. Voprosy kiberbezopasnosti. 2019;(2):42–49. (In Russ.).

7. Lapsar' A.P., Nazaryan S.A., Vladimirova A.I. Ensuring the resistance of critical information infrastructure objects to advanced persistent threats. Voprosy kiberbezopasnosti. 2022;(2):39–51. (In Russ.).

8. Tanygin M.O., Budnikova Yu.A., Bulgakov A.S., Marchenko M.A. A model for assessing information security incidents damage. Bezopasnost' informatsionnykh tekhnologii = IT Security (Russia). 2021;28(2):98–106. (In Russ.). https://doi.org/10.26583/bit.2021.2.09

9. Zolotavin V.S., Nechta I.V. Overview of Man-in-the-middle (MITM) network attacks. In: Obrabotka informatsii i matematicheskoe modelirovanie: Materialy Vserossiiskoi nauchno-tekhnicheskoi konferentsii s mezhdunarodnym uchastiem, 19–20 April 2023, Novosibirsk, Russia. Novosibirsk: Siberian State University of Telecommunications and Information Science; 2023. pp. 279–285. (In Russ.).

10. Tikhonenko O.M. Queuing system with processor sharing and limited resources. Automation and Remote Control. 2010;71(5):803–815. https://doi.org/10.1134/S0005117910050073