To predict proper risks the approach for modeling decision management process is proposed below. According to ISO Guide 73 risk is understood as effect of uncertainty on objectives considering consequences (an effect is a deviation from the expected — positive and/or negative).

To predict the risks for a given prognostic time it is proposed to use the following quantitative probabilistic measures:

rel( ) − the probability of failure to reliable perform decision management process without consideration of threats to system information security; sec( ) − the probability of violating system information security requirements; int ( ) − the integral probability of failure to reliable perform decision management process considering system information security.

To calculate the risk measures, the entities under study can be considered as a system of simple or complex structure. Models and methods for risks prediction use data obtained "upon the occurrence of events", according to the identified prerequisites for the occurrence of events, and data collected and accumulated statistics and possible conditions for their implementation of the process.

A simple structure system for modeling is a system consisting of a single element or a set of elements logically combined for analysis as a single element. The analysis of a simple structure system is carried out according to the «Black box" principle, when the inputs and outputs are known, but the internal details of the system operation are unknown. A system of a complex structure for modeling is represented as a set of interacting elements, each of which is represented as a «Black box" operating under conditions of uncertainty.

In general case the modeling is based on using concept of the probabilities of "success" and/or "unsuccess" (risk of "failure" considering consequences) during the given prognostic time period. There are recommended some «Black box” models for which probabilistic space (Ω, B, P) is created (see for example [ 1, 3, 6, 7, 13, 15 ] etc.), where: Ω - is a limited space of elementary events; B – a class of all subspace of Ω-space, satisfied to the properties of σ-algebra; P – is a probability measure on a space of elementary events Ω. Because, Ω={ωk} is limited, there is enough to establish a reflection ωk→pk =P(ωk) like that pk≥0 and ∑ pk = 1. Using these probabilistic models the measures k rel( ) and sec( ) can be estimated considering uncertainty conditions, periodical diagnostics, monitoring between diagnostics, recovery of the lost integrity for «Black box”.

Applicable models for predicting such different risks, including the ways for generating models for complex system with parallel or serial structure, see in [ 1, 3, 6, 7, 13, 15 ]. These models can be used for analyzing the impact of information security on the performance of decision management process.

The integral probability of failure to reliable perform decision management process considering system information security int ( ) for the period T is proposed to be calculated by the formula: int ( ) = 1 − [1 − rel( )] · [1 − sec( )]. (1) Here the probabilistic measure rel( ) is the probability of failure to reliable perform decision management process without consideration of threats to system information security and sec( ) is probability of violating system information security requirements. They are estimated according to recommendations of section 3 considering the possible damage (the condition of independence between the random time before failure in performing the decision management process and the random time before violating system information security requirements is supposed).

Without deviation from the general understanding of the proposed approach, the examples are given with reference to the standard decision management process in application to ISO 15704 “Enterprise modelling and architecture — Requirements for enterprise-referencing architectures and methodologies”. The examples demonstrate the proposed approach to analyzing the impact of information security on the performance of decision management process.

Let some enterprise of hazardous production form a complex of architectural decisions according to the recommendations ISO 15704 on the general architecture of the enterprise. Separately, they define: architectural and organizational decisions focused on people; process-oriented architectural decisions; architectural decisions focused on the applied technologies.

Without going into the details of the considered architectures, the complex structure of architectural decisions for modeling is presented by Figure 1. The elements of the modelled system are: 1st element - architecture for a group of people involved in making analytical decisions; 2nd element - architecture for the working staff of the enterprise; 3rd element - the architecture of system equipment operation process; 4th element - the architecture of system equipment maintenance process; 5th element - the architecture of production safety technologies; 6th element - architecture for the maintenance of production safety technologies.

According to definition reliable perform the necessary actions of decision management process (without consideration of threats to system information security) is provided during a given period, if during this period the actions needed are reliable performed "AND" for the architectural and organizational decisions focused on people (by elements 1, 2), "AND" for process-oriented architectural decisions (by elements 3, 4), "AND" for architectural solutions focused on the applied technologies (by elements 5, 6). The given prognostic period itself for an individual element can be interpreted as referring both to the stage of creation (for threats inherent in this stage) and to the stage of operation in the future (for potentially possible threats). By modeling the acceptability of architectural decisions and guarantees of risk retention within admissible limits are confirmed.

Let taking into account possible damages, the objectives of risk prediction are formulated by the company's management as follows: - to quantify the risks of violating the reliability of the process performance without taking into account the requirements for system information security (both piecemeal and for a complex of architectural decisions); - quantify the risks of violating system information security requirements (both piecemeal and for a complex of architectural decisions); - quantify the risks of violating the reliability of the process performance, taking into account the requirements for system information security (entirely for the complex of architectural decisions); - estimate such a period during which the guarantees of retaining risks within admissible limits are maintained; - identify critical conditions in the development of various threats.

Example 1 is devoted to prediction the risk of violating the reliability of the process performance without taking into account the requirements for system information security. Example 2 is devoted to prediction the risk of violating the requirements for system information security. Example 3 illustrates the prediction of the integral risk of violating the process performance taking into account the requirements for system information security. 5.2.

The risk of violating the reliability of the process performance without taking into account the requirements for system information security is estimated for modelled structure of Figure 1. At the same time, the threats associated not only with the causes of human errors at the decision-making levels, but also hypothetical threats associated with the consequences of these errors at the stage of the enterprise's operation are taken into account. The generated input data for modeling, which cover each of the 6 composite elements, are presented in Table 1.

Input for the model

Probability of failure to reliable perform decision management process without consideration of threats to system information security is estimated by the model [..]. The analysis of calculation results showed that during a year this probability will be about 0.040 for all complex of decisions see Figure 2. If the prognostic period is increased from six months to 2 years, the risk increases from 0.018 to 0.083 (see Figure 3). For an acceptable risk at the level of 0.05, a period of up to 15 months is justified, in which guarantees of risk retention within admissible limits are maintained in the conditions of the example 1 (see Table 1). information security - rel ( = 1year )

At the same time, the "bottleneck", the characteristics of which need to be analyzed for risk reducing, is only the 1st element - this is the architecture for a group of people associated with making analytical decisions (for managers, designers, designers, engineers, analysts, integrators). The identification of this "bottleneck" becomes the reason for an additional system analysis to reduce the risk. The simplest option is to combine efforts in solving the same problem on the part of several persons involved in making analytical decisions. These efforts imply mutual control and coordination of activities. And from the point of view of modeling, instead of the 1st element, the 1st subsystem appears in the structure, represented as two parallel elements – see Figure 4.

All the input data for each of the parallel combined elements of the 1st subsystem are the same as for the 1st element from Table 1. As a result of additional modeling, it was revealed that due to the measures taken, a 42% reduction in the risk of violating the reliability of the process performance without taking into account the requirements for system information security and an increase by 27% of the period for which guarantees of risk retention within acceptable limits are preserved (from 15 to 19 months – see Figure 4). In practice, it is these measures (combining the efforts of several persons in the parallel solution of one task with mutual control and coordination of the prepared solutions) that lead to the reliable performance of the process under consideration. The example shows only a quantitative estimation of such measures in terms of predicted risks (for each element). 5.3.

Additionally the real and hypothetical threats to system information security are considered – see Figure 5 and input data in Table 2.

From 6 months to 2 years (to estimate such a period during which the guarantees of retaining risks

within admissible limits are maintained)

The analysis of the calculations results showed that in probabilistic terms, the risk of violating information security requirements during the year will be about 0.071 for the entire complex of architectural solutions (see Figure 6), amounting to 0.034 for the 1st element ("bottleneck"), 0.021 for the 3rd element, and no more than 0.010 for the 2nd, 4th, 5th and 6th elements.

With an increase in the prognostic period from six months to 2 years, the risk increases from 0.040 to 0.140 (see Figure 7). For an acceptable risk at the level of 0.05, a period of up to 8 months is justified, in which guarantees of risk retention within acceptable limits are maintained in the selected architectural solutions characterized by the conditions of the example from Table 2.

The "bottleneck" is connected with element 1. The reason for the "bottleneck" is the accepted model of the violator (see Table 2, the value for β - mean activation time of threats up to violation of information security), who is able to use within 2 weeks the admitted information security vulnerabilities in architectural solutions connected with analytical decision makers. 5.4.

In continuation of Examples 1 and 2, the integral probability ( ) of failure to reliable perform decision management process considering system information security is calculated using the recommendations of section 4.

Considering that ( = ) = 0.028 and ( = ) = 0.071, by formula (1) ( =

) = 1 ─ (1 ─ 0,028)·(1 ─ 0,071) ≈ 0,097.

For commensurate damages in resulting value of integral risk 0.097 the risk of violating system information security requirements (0.071) is 2.5 times higher than the risk of failure to reliable perform decision management process without consideration of threats to system information security. Comparing with the admissible level of 0.05, we can state that the calculated risks exceed the acceptable risk (in probability value). It means the rationale that the system decisions are not balanced and the improvement of decision management process is needed (connected with architectural and organizational decisions focused on people, process-oriented architectural decisions, architectural decisions focused on the applied technologies). And the main goal is to reduce the risk of violating information security requirements.

Thus, the examples 1-3 demonstrate the impact of information security on the performance of decision management process by risks measures.

The proposed methodological approach allows to analyze an impact of a violation of information security requirements on the performance of decision management process. It uses the measure for uncertainty conditions – the integral probability of failure to reliable perform decision management process considering system information security. Considering threats to system information security the approach use helps to confirm that the planned or applied system decisions are balanced (or not), to identify "bottlenecks" and the ways to reduce risks in decision management process, and justify conditions and period, in which guarantees of risks retention within admissible limits are maintained, taking into account the requirements for system information security.

[14] V. Varenitca, A. Markov, V. Savchenko. Recommended Practices for the Analysis of Web Application Vulnerabilities. 2019. Vol-2603. P. 75-78. URL: http://ceur-ws.org/Vol2603/short16.pdf [15] A. Kostogryzov, V. Korolev. Probabilistic methods for cognitive solving some problems of artificial intelligence systems. Probability, combinatorics and control. IntechOpen, 2020, pp. 3-34.

URL: https://www.intechopen.com/books/probability-combinatorics-and-control [16] V.A. Nadein, N.A. Makhutov, V.I. Osipov, G.I. Shmal’, P.A. Truskov Hybrid modelling of offshore platforms’ stress-deformed and limit states with taking into account probabilistic parameters. Probability, combinatorics and control. IntechOpen, 2020, pp. 73-116. URL: https://www.intechopen.com/books/probability-combinatorics-and-control [17] I. Sinitsyn, A. Shalamov Probabilistic analysis, modeling and estimation in CALS technologies.

Probability, combinatorics and control. IntechOpen, 2020, pp. 117-142. URL: https://www.intechopen.com/books/probability-combinatorics-and-control [18] D. Neganov., N. Makhutov. Combined calculated, experimental and determinated and probable justification for strength of trunk oil pipelines. Probability, combinatorics and control. IntechOpen, 2020, pp. 143-164. URL: https://www.intechopen.com/books/probabilitycombinatorics-and-control [19] N. Makhutov, M. Gadenin, Yu. Dragunov, S. Evropin, V. Pimenov Probability modeling taking into account nonlinear processes of a deformation and fracture for the equipment of nuclear power plants. Probability, combinatorics and control. IntechOpen, 2020, pp. 191-220. URL: https://www.intechopen.com/books/probability-combinatorics-and-control [20] I. Goncharov, N. Goncharov, P. Parinov, S. Kochedykov, A. Dushkin Modelling the information-psychological impact in social networks. Probability, combinatorics and control. IntechOpen, 2020, pp. 293-308. URL: https://www.intechopen.com/books/probabilitycombinatorics-and-control