=Paper=
{{Paper
|id=Vol-3035/paper08
|storemode=property
|title=Analysis of the Impact of Information Security on the Performance of Decision Management Process
|pdfUrl=https://ceur-ws.org/Vol-3035/paper08.pdf
|volume=Vol-3035
|authors=Andrey I. Kostogryzov
}}
==Analysis of the Impact of Information Security on the Performance of Decision Management Process==
https://ceur-ws.org/Vol-3035/paper08.pdf
Analysis of the Impact of Information Security on the
Performance of Decision Management Process
Andrey I. Kostogryzov1
1
Federal Research Center “Computer Science and Control” of the Russian Academy of Sciences, 44/2 Vavilova
Street., Moscow, 119333, Russia
Abstract
The approach for analyzing an impact of a violation of information security requirements on
the performance of decision management process in terms of predicted risks is proposed. The
use of the proposed approach helps to identify "bottlenecks", reduce risks in decision
management process, taking into account the requirements for system information security,
and justify conditions and period, in which guarantees of risks retention within admissible
limits are maintained. The usability of the approach is illustrated by examples.
Keywords 1
Analysis, system information security, model, risk, decision management process
1. Introduction
The main goal of decision management process is to provide an analytical basis for definition,
characterizing and evaluating a variety of alternative decisions, choosing the most preferred decision
and the ways of practical actions at any stage of the system life cycle. In the conditions of existing
uncertainties, various risks arise that require rational management, including risks associated with
violation of system information security requirements. Despite many works on risk management for
different application areas (see, for example, [1-20]) the problems associated with the analysis of
various impacts on the performance of decision management process and on output results in terms of
predicted risks continue to be relevant.
In this paper an universal methodological approach to do the probabilistic analysis of an impact of
information security on the performance of decision management process is proposed. It includes a
description of general propositions, review and recommendations for probabilistic modeling
(considering [1-20]), the approach to the estimation of integral risk, examples connected with decision
management process in application to ISO 15704 “Enterprise modelling and architecture —
Requirements for enterprise-referencing architectures and methodologies” and interpretation
comments about a calculated impact of a violation of information security requirements on the
performance of architectural decisions.
2. General propositions
In general, the main output of decision management process are:
- decisions that require alternative system analysis;
- the alternative ways of actions;
- preferred decisions and the ways of actions;
- the documented rationale of decisions, conditions and assumptions made during the process.
In the life cycle of systems, both the reliable performance of decision management process itself
and the system information security proper to this process should be ensured.
BIT-2021: XI International Scientific and Technical Conference on Secure Information Technologies, April 6-7, 2021, Moscow, Russia
EMAIL: akostogr@gmail.com
ORCID: https://orcid.org/0000-0002-0254-5202
© 2021 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
66
� To predict proper risks the approach for modeling decision management process is proposed
below. According to ISO Guide 73 risk is understood as effect of uncertainty on objectives
considering consequences (an effect is a deviation from the expected — positive and/or negative).
3. The recommendations for modeling
To predict the risks for a given prognostic time 𝑇𝑇 it is proposed to use the following quantitative
probabilistic measures:
𝑅𝑅rel (𝑇𝑇 ) − the probability of failure to reliable perform decision management process without
consideration of threats to system information security;
𝑅𝑅sec (𝑇𝑇 ) − the probability of violating system information security requirements;
𝑅𝑅int (𝑇𝑇 ) − the integral probability of failure to reliable perform decision management process
considering system information security.
To calculate the risk measures, the entities under study can be considered as a system of simple or
complex structure. Models and methods for risks prediction use data obtained "upon the occurrence of
events", according to the identified prerequisites for the occurrence of events, and data collected and
accumulated statistics and possible conditions for their implementation of the process.
A simple structure system for modeling is a system consisting of a single element or a set of
elements logically combined for analysis as a single element. The analysis of a simple structure
system is carried out according to the «Black box" principle, when the inputs and outputs are known,
but the internal details of the system operation are unknown. A system of a complex structure for
modeling is represented as a set of interacting elements, each of which is represented as a «Black
box" operating under conditions of uncertainty.
In general case the modeling is based on using concept of the probabilities of "success" and/or
"unsuccess" (risk of "failure" considering consequences) during the given prognostic time period.
There are recommended some «Black box” models for which probabilistic space (Ω, B, P) is created
(see for example [1, 3, 6, 7, 13, 15] etc.), where: Ω - is a limited space of elementary events; B – a
class of all subspace of Ω-space, satisfied to the properties of σ-algebra; P – is a probability measure
on a space of elementary events Ω. Because, Ω={ωk} is limited, there is enough to establish a
reflection ωk→pk =P(ωk) like that pk≥0 and ∑ p k = 1 . Using these probabilistic models the measures
k
𝑅𝑅rel (𝑇𝑇 ) and 𝑅𝑅sec (𝑇𝑇 ) can be estimated considering uncertainty conditions, periodical diagnostics,
monitoring between diagnostics, recovery of the lost integrity for «Black box”.
Applicable models for predicting such different risks, including the ways for generating models for
complex system with parallel or serial structure, see in [1, 3, 6, 7, 13, 15]. These models can be used
for analyzing the impact of information security on the performance of decision management process.
4. Estimation of integral measure
The integral probability of failure to reliable perform decision management process considering
system information security 𝑅𝑅int (𝑇𝑇 ) for the period T is proposed to be calculated by the formula:
𝑅𝑅int (𝑇𝑇) = 1 − [1 − 𝑅𝑅rel (𝑇𝑇 )] · [1 − 𝑅𝑅sec (𝑇𝑇 )]. (1)
Here the probabilistic measure 𝑅𝑅rel (𝑇𝑇 ) is the probability of failure to reliable perform decision
management process without consideration of threats to system information security and 𝑅𝑅sec (𝑇𝑇 ) is
probability of violating system information security requirements. They are estimated according to
recommendations of section 3 considering the possible damage (the condition of independence
between the random time before failure in performing the decision management process and the
random time before violating system information security requirements is supposed).
67
�5. Examples
5.1. General
Without deviation from the general understanding of the proposed approach, the examples are
given with reference to the standard decision management process in application to ISO 15704
“Enterprise modelling and architecture — Requirements for enterprise-referencing architectures and
methodologies”. The examples demonstrate the proposed approach to analyzing the impact of
information security on the performance of decision management process.
Let some enterprise of hazardous production form a complex of architectural decisions according
to the recommendations ISO 15704 on the general architecture of the enterprise. Separately, they
define: architectural and organizational decisions focused on people; process-oriented architectural
decisions; architectural decisions focused on the applied technologies.
Without going into the details of the considered architectures, the complex structure of
architectural decisions for modeling is presented by Figure 1.
Figure 1. The complex structure of the architectural decisions
The elements of the modelled system are:
1st element - architecture for a group of people involved in making analytical decisions;
2nd element - architecture for the working staff of the enterprise;
3rd element - the architecture of system equipment operation process;
4th element - the architecture of system equipment maintenance process;
5th element - the architecture of production safety technologies;
6th element - architecture for the maintenance of production safety technologies.
According to definition reliable perform the necessary actions of decision management process
(without consideration of threats to system information security) is provided during a given period, if
during this period the actions needed are reliable performed "AND" for the architectural and
organizational decisions focused on people (by elements 1, 2), "AND" for process-oriented
architectural decisions (by elements 3, 4), "AND" for architectural solutions focused on the applied
technologies (by elements 5, 6). The given prognostic period itself for an individual element can be
interpreted as referring both to the stage of creation (for threats inherent in this stage) and to the stage
of operation in the future (for potentially possible threats). By modeling the acceptability of
architectural decisions and guarantees of risk retention within admissible limits are confirmed.
Let taking into account possible damages, the objectives of risk prediction are formulated by the
company's management as follows:
- to quantify the risks of violating the reliability of the process performance without taking into
account the requirements for system information security (both piecemeal and for a complex
of architectural decisions);
- quantify the risks of violating system information security requirements (both piecemeal and
for a complex of architectural decisions);
68
� - quantify the risks of violating the reliability of the process performance, taking into account
the requirements for system information security (entirely for the complex of architectural
decisions);
- estimate such a period during which the guarantees of retaining risks within admissible limits
are maintained;
- identify critical conditions in the development of various threats.
Example 1 is devoted to prediction the risk of violating the reliability of the process performance
without taking into account the requirements for system information security. Example 2 is devoted to
prediction the risk of violating the requirements for system information security. Example 3 illustrates
the prediction of the integral risk of violating the process performance taking into account the
requirements for system information security.
5.2. Example 1
The risk of violating the reliability of the process performance without taking into account the
requirements for system information security is estimated for modelled structure of Figure 1. At the
same time, the threats associated not only with the causes of human errors at the decision-making
levels, but also hypothetical threats associated with the consequences of these errors at the stage of the
enterprise's operation are taken into account. The generated input data for modeling, which cover each
of the 6 composite elements, are presented in Table 1.
Table 1
Example 1 input for modeling complex structure by the model (see models in [13, 15])
Input Values and comments
for the model for 1 /2 elements
st nd
for 3rd /4th elements for 5th/6th elements
σ - frequency of 1 time in a year 1 time in a year (this is 1 time in 2 years (this is
the occurrences of / 1 time in a year commensurate with the commensurate with the
potential threats (there are threats of equipment failure frequency of
human errors or due to frequency during technological failure
health problems of the operating time) during operating time)
staff) / 1 time in 5 years (this / 1 time in 5 years (this is
is due to rare failures in due to rare failures in
the process of the process of
maintaining the system maintaining the
equipment) technological safety)
β - mean 2 weeks (this is 12 months (this is 1 month (this is
activation time of commensurate with the commensurate with the commensurate with the
threats time of mathematical mean time for gradual mean time for gradual
modeling for making failure considering failure considering the
decision) equipment maintenance of
/ 5 years (this is maintenance) technological safety)
commensurate with the / 6 months (this is / 6 months (this is
mean time between complained of complained of
failures in decisions capabilities to operate capabilities to operate
implementations) in outdated in outdated
environment) environment)
Tbetw - time 8 hours / 8 hours 1 hour / 1 month 1 hour / 1 month
between the end (this time is determined (this time is determined (this time is determined
of diagnostics and by the regulations for by the regulations for by the regulations for
the beginning of monitoring the control, except technological safety
the next readiness of personnel) technological safety) control)
diagnostics
69
� Input Values and comments
for the model for 1 /2 elements
st nd
for 3rd /4th elements for 5th/6th elements
Tdiag - diagnostics 10 minutes / 10 minutes 30 seconds/30 seconds 30 seconds/30 seconds
time (this is the mean time (this is commensurate (this is commensurate
of medical personnel with the automatic with the automatic
examination before equipment integrity monitoring of
work) monitoring) technological safety)
Trecov - recovery 1 hour / 1 hour 30 minutes (including 1 day
time (this is the mean time to system reinstallation) (including recovery of
replace a person with a / 1 week (including the technological operation)
stand-in) search for new / 1 week (including the
contractors to system search for new
maintenance) contractors to system
maintenance)
T - given From 6 months to 2 years
prognostic period (to estimate such a period during which the guarantees of retaining risks
within admissible limits are maintained)
Probability of failure to reliable perform decision management process without consideration of
threats to system information security is estimated by the model [..]. The analysis of calculation
results showed that during a year this probability will be about 0.040 for all complex of decisions -
see Figure 2. If the prognostic period is increased from six months to 2 years, the risk increases from
0.018 to 0.083 (see Figure 3). For an acceptable risk at the level of 0.05, a period of up to 15 months
is justified, in which guarantees of risk retention within admissible limits are maintained in the
conditions of the example 1 (see Table 1).
Figure 2. The probability of failure to reliable Figure 3. Dependence 𝑅𝑅rel (𝑇𝑇 ) on the
perform decision management process during a prognostic period 𝑇𝑇 lasting from 6 to 24
year without consideration of threats to system months
information security - 𝑅𝑅rel 𝑖𝑖 (𝑇𝑇 = 1year )
At the same time, the "bottleneck", the characteristics of which need to be analyzed for risk
reducing, is only the 1st element - this is the architecture for a group of people associated with making
analytical decisions (for managers, designers, designers, engineers, analysts, integrators). The
identification of this "bottleneck" becomes the reason for an additional system analysis to reduce the
risk. The simplest option is to combine efforts in solving the same problem on the part of several
persons involved in making analytical decisions. These efforts imply mutual control and coordination
of activities. And from the point of view of modeling, instead of the 1st element, the 1st subsystem
appears in the structure, represented as two parallel elements – see Figure 4.
70
� Figure 4. The risk of failure to reliable perform decision management process (without
consideration of threats to system information security) is decreased (left), and guarantees of risk
retention within admissible limits (≤0.05) are increased (right)
All the input data for each of the parallel combined elements of the 1st subsystem are the same as
for the 1st element from Table 1. As a result of additional modeling, it was revealed that due to the
measures taken, a 42% reduction in the risk of violating the reliability of the process performance
without taking into account the requirements for system information security and an increase by 27%
of the period for which guarantees of risk retention within acceptable limits are preserved (from 15 to
19 months – see Figure 4). In practice, it is these measures (combining the efforts of several persons
in the parallel solution of one task with mutual control and coordination of the prepared solutions) that
lead to the reliable performance of the process under consideration. The example shows only a
quantitative estimation of such measures in terms of predicted risks (for each element).
5.3. Example 2
Additionally the real and hypothetical threats to system information security are considered – see
Figure 5 and input data in Table 2.
Figure 5. The structure of the simulated system in the form of a complex of architectural solutions
in terms of accounting for information security requirements
71
�Table 2
Example 2 input for modeling complex structure by the model [13,15]
Input Values and comments
for the model for 1st /2nd elements for 3rd /4th elements for 5th/6th elements
σ - frequency of 1 time in a year 1 time in a year (this is 1 time in 2 years (this is
the occurrences of / 1 time in a year commensurate with the commensurate with the
potential threats (there are threats to equipment failure frequency of
to information information security frequency during technological failure
security from the staff) operating time) during operating time)
/ 1 time in 5 years / 1 time in 5 years (there
(there are threats to are threats to
information security in information security in
the process of the process of
maintaining the system maintaining the
equipment) technological safety)
β - mean 2 weeks (this is 1 day / 1 day 1 day / 1 day
activation time of commensurate with the (it is assumed that due (it is assumed that due
threats up to time of using to masking, the sources to masking, the sources
violation of vulnerabilities in the of threats are not of threats are not
information part of information activated immediately, activated immediately,
security security) but with a certain delay but with a certain delay
/ 5 years (this is of at least of at least
commensurate with the 1 day) 1 day)
mean time between
failures connected with
information security)
Tbetw - time 1 day / 1 day 1 hour / 1 hour 1 hour / 1 hour
between the end (this time is determined (this time is determined (this time is determined
of diagnostics and by the regulations for by the regulations for by the regulations for
the beginning of monitoring the software and assets technological safety
the next readiness of personnel) control in the part of control in the part of
diagnostics information security, information security)
connected with except technological
information safety)
security
Tdiag - diagnostics 30 seconds/30 seconds 30 seconds/30 seconds 30 seconds/30 seconds
time (automatic control of (automatic control of (automatic technological
personnel according to software and assets safety control according
information security according to to information security
requirements) information security requirements)
requirements)
Trecov - recovery 5 minutes / 5 minutes 5 minutes / 5 minutes 5 minutes / 5 minutes
time after (including system (including system (including system
information reinstallation) reinstallation) reinstallation)
security violation
T - given From 6 months to 2 years
prognostic period (to estimate such a period during which the guarantees of retaining risks
within admissible limits are maintained)
The analysis of the calculations results showed that in probabilistic terms, the risk of violating
information security requirements during the year will be about 0.071 for the entire complex of
72
�architectural solutions (see Figure 6), amounting to 0.034 for the 1st element ("bottleneck"), 0.021 for
the 3rd element, and no more than 0.010 for the 2nd, 4th, 5th and 6th elements.
With an increase in the prognostic period from six months to 2 years, the risk increases from 0.040
to 0.140 (see Figure 7). For an acceptable risk at the level of 0.05, a period of up to 8 months is
justified, in which guarantees of risk retention within acceptable limits are maintained in the selected
architectural solutions characterized by the conditions of the example from Table 2.
Figure 6. The probability of violating system Figure 7. Dependence 𝑹𝑹𝐬𝐬𝐬𝐬𝐬𝐬 (𝑻𝑻 ) on the
information security requirements prognostic period 𝑻𝑻 lasting from 6 to 24 months
- 𝑹𝑹𝐬𝐬𝐬𝐬𝐬𝐬 𝒊𝒊 (𝑻𝑻 = 𝟏𝟏𝐲𝐲𝐲𝐲𝐲𝐲𝐲𝐲 )
The "bottleneck" is connected with element 1. The reason for the "bottleneck" is the accepted
model of the violator (see Table 2, the value for β - mean activation time of threats up to violation of
information security), who is able to use within 2 weeks the admitted information security
vulnerabilities in architectural solutions connected with analytical decision makers.
5.4. Example 3
In continuation of Examples 1 and 2, the integral probability 𝑹𝑹𝐢𝐢𝐢𝐢𝐢𝐢 (𝑻𝑻 ) of failure to reliable
perform decision management process considering system information security is calculated using the
recommendations of section 4.
Considering that 𝑹𝑹𝐫𝐫𝐫𝐫𝐫𝐫 (𝑻𝑻 = 𝟏𝟏𝐲𝐲𝐲𝐲𝐲𝐲𝐲𝐲 ) = 0.028 and 𝑹𝑹𝐬𝐬𝐬𝐬𝐬𝐬 (𝑻𝑻 = 𝟏𝟏𝐲𝐲𝐲𝐲𝐲𝐲𝐲𝐲 ) = 0.071, by formula (1)
𝑹𝑹𝐢𝐢𝐢𝐢𝐢𝐢 (𝑻𝑻 = 𝟏𝟏𝐲𝐲𝐲𝐲𝐲𝐲𝐲𝐲 ) = 1 ─ (1 ─ 0,028)·(1 ─ 0,071) ≈ 0,097.
For commensurate damages in resulting value of integral risk 0.097 the risk of violating system
information security requirements (0.071) is 2.5 times higher than the risk of failure to reliable
perform decision management process without consideration of threats to system information
security. Comparing with the admissible level of 0.05, we can state that the calculated risks exceed
the acceptable risk (in probability value). It means the rationale that the system decisions are not
balanced and the improvement of decision management process is needed (connected with
architectural and organizational decisions focused on people, process-oriented architectural decisions,
architectural decisions focused on the applied technologies). And the main goal is to reduce the risk of
violating information security requirements.
Thus, the examples 1-3 demonstrate the impact of information security on the performance of
decision management process by risks measures.
73
�6. Conclusion
The proposed methodological approach allows to analyze an impact of a violation of information
security requirements on the performance of decision management process. It uses the measure for
uncertainty conditions – the integral probability of failure to reliable perform decision management
process considering system information security. Considering threats to system information security
the approach use helps to confirm that the planned or applied system decisions are balanced (or not),
to identify "bottlenecks" and the ways to reduce risks in decision management process, and justify
conditions and period, in which guarantees of risks retention within admissible limits are maintained,
taking into account the requirements for system information security.
7. References
[1] A. Kostogryzov, G.Nistratov and A.Nistratov. Some Applicable Methods to Analyze and
Optimize System Processes in Quality Management. Total Quality Management and Six Sigma,
InTech, 2012: 127-196. DOI: 10.5772/46106
[2] A. Barabanov, A. Markov, V. Tsirlov. Methodological Framework for Analysis and Synthesis of
a Set of Secure Software Development Controls, Journal of Theoretical and Applied Information
Technology, 2016, vol. 88, No 1, pp. 77-88
[3] M. Eid, and V. Rosato. Critical Infrastructure Disruption Scenarios Analyses via Simulation.
Managing the Complexity of Critical Infrastructures. A Modelling and Simulation Approach,
SpringerOpen, 2016: 43-62.
[4] A. Markov, A. Fadin, V. Tsirlov. Multilevel Metamodel for Heuristic Search of Vulnerabilities in
the Software Source Code, International Journal of Control Theory and Applications, 2016, vol.
9, No 30, pp. 313-320.
[5] Zegzhda, P., Zegzhda, D., Pavlenko, E., Dremov, A. Detecting Android application malicious
behaviors based on the analysis of control flows and data flows. ACM International Conference
Proceeding Series, 2017, pp. 280-286. DOI: 10.1145/3136825.3140583.
[6] V. Artemyev, Ju. Rudenko, G. Nistratov. Probabilistic modeling in system engineering.
Probabilistic methods and technologies of risks prediction and rationale of preventive measures
by using “smart systems”. Applications to coal branch for increasing Industrial safety of
enterprises. IntechOpen, 2018: 23-51.
[7] V. Kershenbaum, L. Grigoriev, P. Kanygin, A. Nistratov. Probabilistic modeling in system
engineering. Probabilistic modeling processes for oil and gas systems. IntechOpen, 2018: 55-79.
[8] A. Markov, A. Barabanov and V. Tsirlov. Probabilistic modeling in system engineering. Periodic
Monitoring and Recovery of Resources in Information Systems. IntechOpen, 2018: Chapter 10.
URL: http://www.intechopen.com/books/probabilistic-modeling-in-system-engineering
[9] I. Goncharov, N. Goncharov, S. Kochedykov and P. Parinov. Probabilistic modeling in system
engineering. Probabilistic analysis of the influence of staff qualification and information-
psychological conditions on the level of systems information security. IntechOpen, 2018: Chapter
11. URL: http://www.intechopen.com/books/probabilistic-modeling-in-system-engineering
[10] A. Barabanov, A. Markov, V. Tsirlov. Information Security Controls Against Cross-Site Request
Forgery Attacks on Software Application of Automated Systems. Journal of Physics: Conference
Series. 2018. V. 1015. P. 042034. DOI :10.1088/1742- 6596/1015/4/04203.
[11] A. Berdyugin, P. Revenkov. Approaches to measuring the risk of cyberattacks in remote banking
services of Russia. 2019. Vol-2603. P. 23-38. URL: http://ceur-ws.org/Vol-2603/short2.pdf
[12] N. Korneev, V. Merkulov. Intellectual analysis and basic modeling of complex threats. 2019. Vol-
2603. P. 23-38. URL: http://ceur-ws.org/Vol-2603/paper6.pdf
[13] A. Kostogryzov. Risks Prediction for Artificial Intelligence Systems Using Monitoring Data.
2019. Vol-2603. P. 29-33. URL: http://ceur-ws.org/Vol-2603/short7.pdf
74
�[14] V. Varenitca, A. Markov, V. Savchenko. Recommended Practices for the Analysis of Web
Application Vulnerabilities. 2019. Vol-2603. P. 75-78. URL: http://ceur-ws.org/Vol-
2603/short16.pdf
[15] A. Kostogryzov, V. Korolev. Probabilistic methods for cognitive solving some problems of
artificial intelligence systems. Probability, combinatorics and control. IntechOpen, 2020, pp. 3-34.
URL: https://www.intechopen.com/books/probability-combinatorics-and-control
[16] V.A. Nadein, N.A. Makhutov, V.I. Osipov, G.I. Shmal’, P.A. Truskov Hybrid modelling of
offshore platforms’ stress-deformed and limit states with taking into account probabilistic
parameters. Probability, combinatorics and control. IntechOpen, 2020, pp. 73-116. URL:
https://www.intechopen.com/books/probability-combinatorics-and-control
[17] I. Sinitsyn, A. Shalamov Probabilistic analysis, modeling and estimation in CALS technologies.
Probability, combinatorics and control. IntechOpen, 2020, pp. 117-142. URL:
https://www.intechopen.com/books/probability-combinatorics-and-control
[18] D. Neganov., N. Makhutov. Combined calculated, experimental and determinated and probable
justification for strength of trunk oil pipelines. Probability, combinatorics and control.
IntechOpen, 2020, pp. 143-164. URL: https://www.intechopen.com/books/probability-
combinatorics-and-control
[19] N. Makhutov, M. Gadenin, Yu. Dragunov, S. Evropin, V. Pimenov Probability modeling taking
into account nonlinear processes of a deformation and fracture for the equipment of nuclear
power plants. Probability, combinatorics and control. IntechOpen, 2020, pp. 191-220. URL:
https://www.intechopen.com/books/probability-combinatorics-and-control
[20] I. Goncharov, N. Goncharov, P. Parinov, S. Kochedykov, A. Dushkin Modelling the
information-psychological impact in social networks. Probability, combinatorics and control.
IntechOpen, 2020, pp. 293-308. URL: https://www.intechopen.com/books/probability-
combinatorics-and-control
75
�