Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0) Resource-time Model to Increase the Security of Confidential Data Minakov Vladimir Fedorovich Shepeleva Olga Yuryevna Lobanov Oleg Sergeevich Doctor of Technical Sciences Higher Assistant Candidate of economic science St. Petersburg State University of St. Petersburg State University of St. Petersburg State University of Economics, Economics, Economics, St. Petersburg, St. Petersburg, St. Petersburg, m-m-m-m-m@mail.ru shepeleva-olga@list.ru thelobanoff@gmail.com Abstract. A mathematical model has been developed for the transactions, the launch of business processes, and the integrated assessment of the probability of ensuring a safe state of management of economic activity resources. the company's information resources in the face of threats and dangers of unauthorized access to commercial confidential In such conditions, the opportunities for unauthorized information. This model is distinguished by taking into account the access to material and financial resources, and, accordingly, the influence of resource factors for ensuring information security, as number of computer crimes in relation to the management of well as the time factor. Based on the proposed mathematical model, listed resources, are growing [8, 9, 10]. According to estimates the dependence of the probability of providing a protected state of by McAfee experts, the direct financial damage from computer the company's information resources in a given range of time and crimes for 2018 alone exceeded $ 600 billion, and the damage, resource indicators is constructed. The high efficiency of the joint taking into account losses in reputation, disrupting transactions, use of time and resource factors was established to increase the respectively, lost - $ 3 trillion. Consequently, the relevance of likelihood of a company breaking even by reducing the risk of ensuring information security in the economy is increasing. It damage resulting from unauthorized access to confidential is not by chance that interest in breakthrough information commercial information. The possibility of using this model in the technologies, for example, distributed registries (blonchain) tasks of strategic management of the company is justified. and cryptocurrencies, their issuers and payments using them, is growing. Similar processes are observed in smart contract Keywords: threats, dangers, unauthorized access, model, systems. efficiency. II. DYNAMIC RESOURCE SECURITY MODEL IN THE DIGITAL I. INTRODUCTION ECONOMY Modern digitalization processes extend not only to local technological operations of enterprises, but also to the The reliability of the security system of the information interaction of economic entities. These are the procedures for resources of economic entities is predetermined by the generating proposals for goods, work and services by operation of protective equipment in the face of threats and manufacturers, their choice by consumers and the formation of dangers of unauthorized access. The analysis of such tools [5, requests for their purchase. Thus, through digital resources, the 6, 7, 8, 9, 10] allows us to establish that they are aimed at flow of material and labor resources is provided [1, 2]. solving the problems of a) identification; b) prevention; c) Payment for goods and services is also made more often by neutralization; d) suppression; e) localization; f) destruction; g) bank transfer (electronic payments). For this, banking services reflection; h) containment of consequences. Each of the are used: payment systems, remote banking services in client- functional information systems that solves the named class of bank systems, using bank cards, etc., as well as services of tasks requires the enterprise to spend on the acquisition, closed payment systems Yandex-Money, Web-Money, etc. The implementation and maintenance of computer security tools. share of non-cash payments is approximately equal to the share Therefore, to solve each problem, investments are needed. cash, and with cardholders this share is 90% (according to the Obviously, the class of remedies reduces the probability q of a Central Bank of Russia). It is also important that digital computer crime k times: technology has transformed economic processes [3, 4]. q_1 (R) = q_0 / k (R_1), q_2 (R) = q_0 / k (R_1) / k (R_2) Information and communication technologies (ICT) play a (1) system-forming role. Thus, financial, transport, marketing aggregators have become a factor in rapprochement and where R is the cost of security convergence of participants in economic processes. It is the For weighted average cost digital platforms of aggregators that ensure the coordination of interests of consumers and producers of goods and services, R = (R_1 + R_2 +... + R_n) / N, (2) ensuring the adoption and execution of decisions on 52 we have the average value of k and, therefore, we obtain in Obviously, the use of additional protective equipment in the a general form form of innovative solutions for which no hacking tools have been created due to the unknown operation principle and q (R) = q_0 / k ^ R = q_0 ∙ k ^ (- R), (3) characteristics of innovations increases the probability of the A, expressing the multiplicity through fixing the base of the security state by a certain value p_max2, with p_max1 + natural logarithm of e p_max2 = p_ (max). Otherwise: p_ (max) = p_ (max) ∙ (a_ (1) 〖+ a〗 _ (2)) In [10, p. 54, fig. 2] the “dependence of the through the ratio probability of protection” is obtained in time in the form of a k ^ (- R) = e ^ (- R / R_o) (4) sigmoid. We represent the probability sigmoid as a function of the form where R_o is the numerical value of the costs, providing a decrease in the probability q by e times: p (t) = p_max2 / (1 + e ^ (d-t \ / T)) (9) q (R) = q_0 〖∙ e〗 ^ (- R / R_o), (5) where: T is the time constant of the change in the effect of protection in the conditions of use of the safety equipment; The character of the dependence q (R) is shown in Fig. one. e≈2.71828, d is the number of time constant of the displacement of the median value of the sigmoid relative to the beginning of the reference time. Now, taking into account the simultaneous influence of previously used protective equipment and innovative solutions, we obtain the resulting probability of protection in the form of the sum of components (as an example, we used the time constant T = 2 years as the average period between software updates in the information security system, Ro = 4, a_ (1) = 0.5; a_ (2) = 0.5): p (t, R) = 0.5 / (1 + e ^ (4-t \ / 2)) + 0.5 ∙ (1-e ^ (- R \ / 4)), (10) Fig. 1. The dependence of the likelihood of computer crime on In fig. 1, the effect of increasing the likelihood of the cost of information security counteracting damage from unauthorized access to commercial confidential information is visualized. As can be seen from the Figure 1 shows that information security costs figure, the increase in the likelihood of protection of digital asymptotically reduce the likelihood of cybercrime [9, 16]. resources significantly depends on the ratio of time and Indeed, it is impossible to achieve absolute security with a zero resource support of information security. This allows you to lay value of the probability of committing malicious acts in virtual down design decisions on the basis of solving the problem of space. ensuring the required level of risks, determining a ratio of Given that the sum of the probabilities of the safe operation resources, and, therefore, costs, and project implementation of information resources p and the probability of the time, which is most suitable for the company’s goals, project implementation of computer crimes q implementation capabilities in accordance with its strategy [11, 12, 13]. Moreover, the obtained dependence is a tool for q (R) + p (R) = 1, (6) constructing a scenario field for making managerial decisions we get to ensure a safe state of not only informational, but also financial and material resources of a company [14, 15]. p (R) = 1-q (R), (7) Obviously, the ratio between the effects of increasing the Thus, the reliability indicator - the probability of failure- probability of preventing unauthorized access a_ (1) and a_ (2) free operation of the protection system, is described by the can be selected on the basis of the obtained model in an dependence on the volume of resource provision with security optimization way, when the model can be used in the integral tools: software and hardware, the development of new indicators of the company’s activity for a certain time. methods, organizational mechanisms, etc. This can be It is important to note that the development of a resource- expressed by the formula: costing paradigm for ensuring information security by the p (R) = p_max1 ∙ (1-e ^ (- R \ / R_o)), (8) influence of time leads to a generalized model. Indeed, substituting the only numerical value of time (for example, the where: e≈2.71828, current moment of time) into the proposed model leads to a p, p_max1 - the probabilities (current value and the particular case of solving the problem of ensuring information maximum possible) of successfully countering the threats and security, for example, during operational control. For the tasks dangers of committing a computer crime, and accordingly - the of tactical management in the medium term, time intervals are economic damage caused by it with the basic version of determined by tactical objectives. To develop a strategy for the ensuring information security. development of an enterprise security system, the model can be 53 used at long time intervals during which long-term goals are to information technologies makes unpredictable new places of be achieved. vulnerabilities critical for economic processes. At the same time, the development of adequate methods and means of In addition, fixing the estimated time, we obtain a model of protecting information and digital business processes is being variable solutions in terms of choosing appropriate investments carried out taking into account new types of threats and in information security resources. For example, to select dangers of information security in real time. The companies- alternative projects offered by information security outsourcers. developers of such tools always make offers to consumers indicating the terms of development and implementation of information protection tools, as well as the price of products. These indicators are the source data for the developed model. And its use allows, on the basis of direct calculations, to obtain quantitative estimates of the achieved result in terms of information security. The model can also be used in addition to methods for analyzing hierarchies, decision trees, and many others in decision support systems. It is important that the development of these methods significantly develops the principles of informed management decisions taking into account the time factor. This circumstance is crucial for ensuring the sustainability of enterprises, their development. Obviously, the time factor plays a crucial role in managing change. Its quantitative accounting allows you to change the Fig. 2. The influence of resources (R) and time (t) on the paradigm of tactical and strategic management of the probability of ensuring a safe state enterprise. Instead of tracking changes and following them with a lag in time, it is possible to form changes, providing the The analytical type model compares favorably with the company with competitive advantages due to the primacy of presentation of information security management processes by the changes. It is equally important that this paradigm is in systems of differential equations, firstly, by the possibility of good agreement with project management methodologies. Note its practical use. Indeed, office applications (including cloud) that the traditional project management paradigm leads, as allow any user to perform calculations using standard practice shows, to low feasibility of projects. And investments functions, for example, table processors, based on which - in the development and implementation of projects in the evaluate alternative solutions to the problem of ensuring economic activities of enterprises are significantly superior to information security. It is important that regardless of the type investments in information security tools. of protective equipment, the methods used in them, the final indicator assessed by the model is the result in the form of an assessment of the achieved probability of safe operation of the CONCLUSIONS information resources of enterprises, their associations, state A model is proposed for an integrated assessment of the authorities and many other structures. The model is invariant to probability of ensuring a safe state of the company's the types of their activities, sectors of the economy, patterns of information resources in the face of threats and dangers of ownership and other features. unauthorized access to commercial confidential information. A distinctive feature of the model is the consideration of the time The invariance property extends the applicability of the factor when using innovative solutions to ensure information proposed model. It remains fair to new developments not security in addition to the resource factors for its increase, presented on the modern market. This property is of particular based on increased costs. A rather high degree of increase in value in connection with the unprecedented dynamics of the the probability of breaking-even operation of the company is market of information and communication systems and established, exceeding in a specific example considered the technologies. Firstly, according to the regularity established by effect of the resource approach to reducing risks. The Gordon Moore in relation to the concentration of active keys in possibility of using the model in the tasks of strategic the microprocessor hardware and supplemented by David management of the company, project management of House with observations of the dynamics of growth in information security, as well as cost optimization. The computing performance, the first and second indicators double reliability of the proposed model is confirmed by the proof of each 18 and 24 months, respectively. Consequently, the use by model validity by rigorous mathematical calculations. attackers of more powerful computing power, even based on the simple brute force method, reduces the likelihood of maintaining a protected state of enterprise information systems. Secondly, innovative directions of digitalization of the REFERENCES economy based on smart technologies, processing of large [1] Borisov, V.N., Pochukaeva, O.V. Innovative machine engineering as a volumes of data, M2M technologies, intelligent systems, cloud factor of developing import substitution // Studies on Russian Economic services, platforms and infrastructures and several others have Development 2015. 26(3), pp. 225-232. DOI: 10.1134/S1075700715030028 been formed and are rapidly developing. The evolution of such 54 [2] Ivanter, V.V., Belkina, T.D., Belousov, D.R., (...), Yankov, K.V., [9] Barabanov A.V., Markov A.S., Tsirlov V.L. Statistics of Software Zaionchkovskaya, Z.A. Recovery of economic growth in Russia // Vulnerability Detection in Certification Testing // Journal of Physics: Studies on Russian Economic Development 2016. 27(5), pp. 485-494 Conference Series. 2018. V. 1015. P. 042033. DOI: 10.1088 / 1742-6596 DOI: 10.1134/S1075700716050105 / 1015/4/042033. [3] Glinskiy V., Serga L., Khvan M. Assessment of environmental [10] Mal'cev G.N., Pankratov A.V., Lesnyak D.A. Issledovanie parameters impact on the level of sustainable development of territories veroyatnostnyh harakteristik izmeneniya zashchishchennosti // В сборнике: Procedia CIRP 13. Сер. "13th Global Conference on informacionnoj sistemy ot nesankcionirovannogo dostupa narushitelej. Sustainable Manufacturing - Decoupling Growth from Resource Use" Informacionno-upravlyayushchie sistemy. 2015. No 1 (74). P. 50-58. 2016. pp. 626-631. DOI: 10.1016/j.procir.2016.01.145 DOI: 10.15217/issn1684-8853.2015.1.50 [4] Glinskiy V., Serga L., Chemezova E., Zaykov K. Clusterization [11] Borisov, V.N., Kuvalin, D.B., Pochukaeva, O.V. Improving the Factor economy as a way to build sustainable development of the region // В Efficiency of Machinery in the Regions of the Russian Federation // сборнике: Procedia CIRP 13. Сер. "13th Global Conference on Studies on Russian Economic Development 2018. 29(4), pp. 377-386 Sustainable Manufacturing - Decoupling Growth from Resource Use" DOI: 10.1134/S1075700718040044 2016. pp. 324-328. DOI: 10.1016/j.procir.2016.01.050 [12] Litvintseva G.P., Glinskiy V.V., Stukalenko E.A. Interregional [5] Vasil’ev, Y.S., Zegzhda, D.P., Poltavtseva, M.A. Problems of Security differentiation of population incomes in russian federation in the post- in Digital Production and Its Resistance to Cyber Threats (2018) crisis period // Academy of Strategic Management Journal. 2017. Т. 16. Automatic Control and Computer Sciences, 52 (8), pp. 1090-1100. DOI: № 4. 10.3103/S0146411618080254 [13] Glinskiy V., Serga L., Novikov A., Bulkina A., Litvintseva G. [6] Zegzhda, P.D., Poltavtseva, M.A., Pechenkin, A.I., Lavrova, D.S., Investigation of correlation between the regions sustainability and Zaitseva, E.A. A Use Case Analysis of Heterogeneous Semistructured territorial differentiation // Procedia Manufacturing. 2017. Т. 8. С. 323- Objects in Information Security Problems (2018) Automatic Control and 329. DOI: 10.1016/j.promfg.2017.02.041 Computer Sciences, 52 (8), pp. 918-930. DOI: [14] Borisov V.N., Pochukaeva O.V. Investment and innovative 10.3103/S0146411618080278 technological efficiency: case study of the arctic project // Studies on [7] Petrenko S.A., Makoveichuk K.A., Chetyrbok P.V., Petrenko A.S. Russian Economic Development. 2017. Т. 28. № 2. С. 169-179. DOI: About Readiness for Digital Economy. In Proceedings of the 2017 IEEE 10.1134/S1075700717020022 II International Conference on Control in Technical Systems, IEEE, [15] Ivanter V.V., Belkina T.D., Belousov D.R., Blokhin A.A., Borisov V.N. CTS, 2017, pp. 96–99. DOI: 10.1109/CTSYS.2017.8109498. et al. Recovery of economic growth in Russia // Studies on Russian [8] Olifirov, A.V., Makoveichuk, K.A., Zhytnyy, P.Y., Filimonenkova, Economic Development. 2016. Т. 27. № 5. С. 485-494. DOI: T.N., Petrenko, S.A. Models of Processes for Governance of Enterprise 10.1134/S1075700716050105 IT and Personnel Training for Digital Economy. In Proceedings of 2018 [16] Dorofeev A.V., Markov A.S., Tsirlov V.L. Social Media in Identifying 17th Russian Scientific and Practical Conference on Planning and Threats to Ensure Safe Life in a Modern City, Communications in Teaching Engineering Staff for the Industrial and Economic Complex of Computer and Information Science, 2016, vol. 674, pp. 441-449. DOI: the Region, IEEE, PTES, 2018, pp. 216 – 219. DOI: 10.1007/978-3-319-49700-6_44. 10.1109/PTES.2018.8604166. 55