Cyber protection objects (CPO) in the state are the following: 1) communication systems of all forms of ownership, in which national information resources are processed and/or used in the interests of state authorities, local authorities, law enforcement bodies and military formations formed in accordance with the law; 2) objects of critical information infrastructure; 3) communication systems that are used to meet public needs and/or implement legal relations in the areas of electronic government, electronic government services, electronic commerce, electronic document management [1-3].

The creation of an effective information security system of the CPO requires the inclusion of a subsystem of situational centers, rigidly interconnected at the information and performance levels for making appropriate anticrisis decisions in solving various functional monitoring tasks, preventing the emergence of threats to information circulating during functioning of the CPO, as well as eliminating or minimizing their consequences [4-7].

One of the topical directions to create a subsystem of situational centers in the information security system of the CPO is the development of a justification methodology, under the uncertainty of initial information for experts of the system of situational centers, optimal anti-crisis solutions to prevent the emergence of threats to information circulating in the process of functioning of the CPO, as well as to eliminate or minimize their consequences.

An obligatory stage in the functioning of the system of situational centers is decision making. At the same time, not only incorrect, but also ineffective decisions lead to losses or irrational use of financial, time, labor, energy and other resources when managing the processes of prevention and elimination of emergency situations. In this regard, the problem of developing a scientifically grounded methodology to make effective decisions is one of the urgent scientific problems.

According to V.M. Hlushkov, the necessary conditions for the effectiveness of decisions are their timeliness, completeness and optimality. The listed requirements are contradictory and their satisfaction is connected with serious difficulties.

Provision the completeness (complexity) of decisions requires the fullest possible consideration of internal and external factors affecting decision-making, a deep analysis of their interrelationships, which leads to increase in the dimension of the decision-making problem, its multicriteria. In turn, this leads to increase in the uncertainty of the initial data, which is due to the incompleteness of knowledge about the relationship of factors and, as a consequence, its inaccurate description, the impossibility or inaccuracy of measuring some factors, random external and internal influences, etc. An additional complication is in the fact that uncertainties are heterogeneous and can be represented as random variables, fuzzy sets or simply interval values.

Thus, an increase in the efficiency of decisions made is connected with the need to solve multicriteria optimization problems in conditions of uncertainty.

The traditional, widespread approach to solving such problems, based on their heuristic simplification, determinization as a means of removing uncertainty, becomes less and less effective as the tasks become more complex and the significance of solutions increases [8].

In these conditions, it is extremely important to develop formal, normative methods and models for a comprehensive solution to the problem of decision-making in conditions of multi-criteria and uncertainty.

In this direction, principal, fundamental results have been obtained [9,10, 15-17], however, the only solution to the problem is far from completion and the continuation of research in this direction is undoubtedly relevant both in theoretical and applied aspects for the development of a substantiation methodology, under conditions of uncertainty in the input information for experts of the system of situational centers, optimal anti-crisis solutions to ensure the required level of safety for functioning of the CPO.

situation center performance as a component of the support system for anti-crisis decisionmaking at the cyber protection objects

The situational center while operating in the information security system of the CPO shall, in accordance with the data in Fig. 1, ensure the collection, processing and analysis of information, as well as modeling the development of information threat to the CPO and the development and implementation of anti-crisis management to prevent the emergence of threats to information circulating during functioning of the CPO, as well as to eliminate or minimize their consequences.

Functioning which is shown in Fig. 1, schemes in the conditions of completeness of the initial information and the presence of one partial criterion for assessing the set of feasible solutions does not present difficulties in substantiating optimal anti-crisis solutions. On the other hand, modern problematic situations are characterized by incompleteness of knowledge (uncertainty) of the initial data and many particular evaluation criteria. Thus, the traditional approach based on the decomposition of the problem into two socalled independent problems – multiobjective optimization in deterministic, that is, without concidering uncertainty, formulation and decision-making under uncertainty for a scalar objective function in modern conditions, does not meet the requirements of practice under accuracy and efficiency.

CYBER PROTECTION

OBJECT (CPO)

SUBSYSTEM OF IMPLEMENTATION OF THE DECISION ON PREVENTION OF THREATS AND

ELIMINATION OF THEATS FOR INFORMATION CIRCULATING IN THE PROCESS OF FUNCTIONING THE CPO

THREAT MONITORING SUBSYSTEM FOR INFORMATION CIRCULATED IN THE PROCESS OF FUNCTIONING OF THE CPO l a m i t p o n teh tio

u ing lso s o o h C y b s ltiouon itirrea s c f f no teo io s t lau teh a v E fo sn tse it o u a l fo seo n l

b tio i a ss rm im oF ad

assessment

of threats to information circulating during the cyber defense object functioning

Based on the basic postulates of the riskoriented approach, the risk indicator for the information circulating in the process of functioning of the CPO shall be represented as [18]: . = ∑3=1 . , ( 1 ) where

1 . – is a risk indicator for information circulating during functioning of the CPO, which is characterized by the disclosure of information;

. – is a risk indicator for the information circulating in the process of functioning of the CPO

which is characterized by information leakage;

. – is a risk indicator for computer information circulating during the functioning.

The components of risk for the information circulating in the process of functioning of the CPO are presented in Fig. 2. The risk components for the information circulating in the process of functioning of the CPO are calculated by the formula: . . = . . . , .

( 2 ) 3 where

. exceeding the normative indicator for the j-th aspect of the i-th process of danger for the information circulating in the

process of – is assessment of the probability of – is assessment of functioning of the CPO;

. the th CPO.

damage from

exceeding the normative indicator of the impact of the j-th aspect of the iprocess of danger for the

information circulating in the process of functioning of the

At the same influence on the information circulating in the process of functioning of the CPO, several processes of danger, it is necessary to consider a possibility of display of synergetic effect. In this case, the probability of exceeding the norm for two common aspects of the danger to the information circulating in the process of functioning of the CPO shall be calculated as: . .

. = .1

. + .2 − . .1 . .2

. ( 3 )

The assessment of the damage from exceeding the normative indicator is calculated as the amount of damage, the type of threat components for the information circulating in the process of is determined by the formula: functioning of the CPO. Total expected loss .

( 4 ) . = ∑ , . , , where

.

CPO; . ,

– is the mathematical expectation of the general economic damage of the CPO from processes of danger for the

information circulating in the process of functioning of the

– is the mathematical expectation of damage of the CPO concerning the risk of the j-th aspect of the i-th process of danger for the information circulating in the

process of functioning of the CPO.

Based on the material presented in the form of expressions ( 1 )–( 4 ) concerning the distribution of the risk-based approach to assessing the vulnerability of the CPO and based on the basic tenets of systems theory and synergetics, the level , the situation center under security in the probable manifestation of various aspects of the information threat process of a particular cyber protection object.

MAIN TYPES OF THREATS FOR INFORMATION CIRCULATING IN THE PROCESS OF CYBER PROTECTION

PERFORMANCE DISCLOSURE OF INFORMATION threats to the information circulating in the process of functioning the cyber protection object ° = arg extr〈 ( )〉, ∀ = 1, ( 6 ) of particular criteria ( ).

In general [12–14,19], the admissible set of solutions contains subsets of consistent and contradictory (compromise)

solutions. A feature of the latter is the impossibility of improving any particular criterion ( ), = ̅1̅̅,̅̅ without deteriorating the quality of at least one particular criterion. In this case, by definition, an effective solution ° necessarily belongs to the area of compromise. This means that the problem of multiobjective optimization has no solution, i.e. is incorrect according to Adamar, since in the general case it does not provide the definition of the only optimal solution from the set of compromises .

Thus, the problem of

multiobjective optimization arises. The main idea of the methods for single solution from the area of compromises .

There are two possible

approaches to the implementation of such a task: heuristic, when the decision-maker (DM) makes a choice based on their experience, and formal, based on some formal rules (compromise schemes) [20,21].

The main methods of

regularizing the problem of multicriteria optimization are the principle of the main criterion, functional-cost analysis optimization.

and

the Each principle where − is the isomorphism coefficients that bring heterogeneous particular criteria ( ) to isomorphic form.

The theoretical basis for the formation of multicriteria scalar estimates is the utility theory, which assumes the existence of a quantitative assessment of the preference of decisions. It means that 1, 2 , 1 ≻ 2, then ( 1) > ( 2), ( 8 ) where ( 1), ( 2) – are the utility functions.

In the general case, the converse is also true.

Thus, utility is a quantitative measure of the “quality” of decisions, therefore ( 9 ) of ∘ = arg max ( ).

and the principle of ranking decisions reflects the subjective preferences of a particular decision maker.

Consider the systemological grounds for choosing the metric of the utility function.

The synthesis of any mathematical model, including the synthesis of the utility function, presupposes the need to solve two interrelated problems: structural and parametric identification. The first of them provides for: identification of significant factors that affect the output of the model; structure

definition, i.e. the kind of operator that determines the connection between the input and output data of the model.

The solution to the problem of parametric identification is to determine the specific quantitative values of the model parameters.

The problem of structural identification of a model is connected with the heuristic advance and verification of a hypothesis. In the case under consideration, the form of the decision utility function is determined by particular characteristics (criteria) ( )

The next step in solving the problem is to identify the type of operator . There are most widely known two forms of the utility function: additive and multiplicative.

Additive utility function. Fishbern made a great contribution to substantiating this hypothesis. He determined the necessary and sufficient conditions for the adequacy of the additive utility function for many cases. In the case of factors, the condition for the additivity of the utility function according to Fishbern can be formulated as follows: the factors 1, 2, … , are additively independent if the preference of lotteries on 1, 2, … , marginal probability distributions.

depend only on their

Using this definition, we can formulate the main result of the theory of additive utility: ( ) = ∑ =1 ( ).

The multiplicative form of the utility function has the following form

The analysis showed that the multiplicative form does not allow considering the information about the weight coefficients. The disadvantage of the additive form is that it does not allow considering the nonlinearity and interconnection of particular criteria.

Therefore, in the general case, a more universal structure of the utility function is needed, which would allow considering both the additive form and nonlinear effects.

As such a universal form, the KolmohorovHabor polynomial can be used, which in the general case has the form: ( ) = 0 + ∑ =1 +

+ ∑ =1 ∑ ≤ + + ∑ =1 ∑ ≤ ∑ ≤ + ⋯ , ( 12 ) take the form

For the purposes of evaluating utility, it shall be modified by putting 0 = 0, as a result, it will ( ) = ∑ =1 + ∑ =1 ∑ =1 +…( 13 )

Moreover, in most practical situations, it is sufficient to consider only the members of the second order.

The Kolmohorov-Habor polynomial contains the fragments of the additive and multiplicative functions and is linear in parameters. Considering that, by expanding the space of variables by introducing additional variables such as ∑ =1 ∑ =1 = , we obtain an additive function of the following form ( ) = ∑ =1 , ( 14 )

Based on the above mentioned, we will consider the additive form in more detail, using model ( 10 ) for clarity. All particular criteria, by definition, have different dimensions, intervals and measurement scales, i.e. are not comparable to each other.

Consequently, formula ( 9 ) is valid only if considers the importance of particular criteria and, at coefficients, i.e. lead heterogeneous ( ) to a single dimension and range of change. However, in the general case, it is difficult to determine the values of such isomorphism coefficients. This circumstance can be overcome by presenting the additive utility function in the following form: ( ) = ∑ =1 н( ), where – is the relative dimensionless weight coefficients for which the constraints are satisfied 0 ≤ ≤ 1, ∑ =1 =1, and н( ) – normalized, i.e. partial criteria reduced to isomorphic form. The criteria are normalized according to the formula ( 15 ) ( 16 ) ( 17 ) ( 18 ) ( 19 ) н( ) = ( (н л)−− ннхх) ш нл,

where ( ) – is the value of a particular criterion; нх – respectively, the best and worst value of the particular criterion, which he takes on the area of admissible solutions ∈ .

Depending on the type of extremum (direction of dominance) нл = { ∈ max ( ) , ( ) → ∈ min ( ) , ( ) → нх = { ∈ min ( ) , ( ) → ∈ max ( ) , ( ) →

The estimation model ( 15 ) is constructive only if the weighting coefficients of particular criteria are set by point quantitative values. As it was mentioned above, decision makers are the carriers of this information, which means that some procedures for obtaining it are necessary, i.e. the the values is not always possible, therefore, in the general case, the evaluation of the usefulness of decisions has to be carried out under conditions of a greater or lesser degree of uncertainty about the mutual importance of particular criteria. In general, the general model for determining the utility of a solution ∈ has a form ( ) = [ (

), ( )], = 1, , ( 20 ) of the coefficients of relative importance. where ( ) – is the information about the values Extreme situations are ones when: 1) the weight coefficients are specified in the form of exact point quantitative values;

Typically, between these extremes, there are many situations with varying degrees of uncertainty in the assignment of weighting factors.

Based on the presented approach, the problem of synthesizing a

model for calculating the interval phased value of a scalar multifactorial assessment space of variables, the utility function model ( ) can be viewed as an additive function of the form ( ) = ∑ =1 ( ) ( 21 ) where – is dimensionless weight coefficients that meet the requirements 0 ≤ ≤ 1, ∑ =1 = dimensionless form, the same metric 1, ( ) are normalized, that is, reduced to and dominance direction, partial criteria; the “-” sign means interval uncertainty.

An analysis of the features of the problem of multicriteria scalar estimates showed that fuzzy sets are a widespread form of representing uncertainties in model ( 21 ). Under the accepted assumptions, the parametric identification of the model of the multicriteria optimization problem ( 21 ) consists in determining the interval values of the parameters and particular criteria ( ), their fuzzification and calculating the interval phased value of the solution utility function ( ).

Since the problem of multivariate estimation is an intellectual procedure and there are experts who are carriers of the input information, the problem of parametric identification of model parameters ( 21 ) is solved directly by the methods of expert assessment or by the method of comparative identification.

The method of comparative identification of the additive model for scalar evaluation of the utility of alternatives is as follows. The input information is the relation of a strict or non-strict order,

by experts on a set of admissible alternatives 1 ≻ 2 ∼ 3 ∼ 4 ≻ ⋯, (22) where ,~

are the signs of advantage and equivalence correspond. According to the theory of utility for (22), the following relations hold: ( 1) > ( 2) = ( 3) > ( 4) > ⋯,(23) Based on (23), one can compose a system of equations of the form ( 2) − ( 1) ≤ 0, ( 3) − ( 2) = 0, ( 4) − ( 3) ≤ 0. … … … … … … … … … (24)

By substituting the utility function ( 21 ) into (24), we obtain a system of irregularities that are linear with respect to the parameters, which determine the area of their possible values. The method of linear programming on the selected area determines the interval values [ of the parameters. In this case, regardless of the method, interval estimates of the parameters are , ] determined = [

, size of the intervals depends on the scatter of the subjective individual labels of experts.

The interval uncertainty of the model variables (particular criteria) is determined by non-factors. Their analysis and accounting allows you to determine the range of possible values of ], ∀ = 1, , and the each of them.

The next stage in identifying the model ( 21 ) consists in its fuzzification, that is, in the choice of the type and parameters of the membership function of the interval parameters and changes.

The weight coefficients are interval fuzzy numbers, and the value of particular criteria can be specified both numerically, in the form of fuzzy numbers, and qualitatively, in the form of linguistic terms. 5. Conclusions

1. It is shown that the basis of the information security system of a cyber protection object shall be a classical control loop that provides collection, processing and analysis of information, as well as modeling the development of information danger at a cyber protection object and the development and implementation of anti-crisis management to prevent the emergence of threats to information circulating in the process of functioning of the cyber protection object, as well as the elimination or minimization of their consequences.

2. The indicator of risk for information circulating during functioning of the cyber protection object is the sum between the indicators of risk of information disclosure and information leakage, as well as the indicator of risk for computer information circulating during functioning of the cyber protection object.

The indicator of the risk of information leakage includes indicators of the risk of information leakage through technical channels, information leakage through communication channels, speech information leakage, as well as information leakage, shown information.

The risk indicator for computer information includes indicators of the risk of loss and alteration of information, as well as obtaining unauthorized access to information.

3. It is shown that while conducting the audit by the experts of the situational center under security in conditions of probabilistic manifestation of various aspects of the information threat process of a cyber protection object, the procedure for making management decisions is complicated by the fact that the necessary conditions for the effectiveness of decisions are their timeliness, completeness and optimality. Therefore, increasing the efficiency of the decisions made is associated with the need to solve the problem of multi-criteria optimization under the uncertainty, which requires the development of formal, normative methods and models for a comprehensive solution to the problem of decision-making under the multicriteria and uncertainty in managing the processes of preventing the occurrence of threats to information circulating during functioning of the cyber protection object, as well as elimination or minimization of their consequences.

4. In order to solve the problem of multicriteria optimization under the uncertainty, in the study, firstly, it is formalized the methods for obtaining initial information about the advantages of a decision-maker, based on both traditional heuristic procedures for expert evaluation and formal methods of comparative identification. It is shown that regardless of the method of obtaining the initial information and the form of its presentation, the most adequate is the interval assessment of the preferences of the decisionmaker. Secondly, a model of a multicriteria scalar assessment of the usefulness of feasible alternative solutions has been synthesized.

5. The presented results represent the scientific basis for the development of a support system for making anti-crisis decisions in critical situations by experts of the situational center to ensure the appropriate level of information security of the cyber protection object.