Formalization of the enterprise information security model in the multicriteria linear programming problem form

Previously, the authors proposed a methodology for assessing the functional efficiency of the software and technical solutions (STS) subsystem of an information security complex system (ISCS) of an enterprise. Using it makes it possible to evaluate not only the overall efficiency of the ISCS STS subsystem, but also the efficiency of its components, such as subsystems and their functions. In this article, based on the proposed methodology, an optimization model of enterprise information security is formulated in the form of a multicriteria linear programming problem. Its target functions are the efficiency estimations of all possible components of the ISCS STS subsystem. The variables are the expected estimates of the auditors after modernizing the ISCS and the costs that provide the corresponding estimates. The solution to this problem gives an answer to the question of how to distribute the available amount of funds in such a way as to maximize not only the efficiency of the ISCS STS subsystem, but also the efficiency of all its components. The proposed multi-criteria problem is reduced to a single-criteria problem, in which, instead of maximizing all efficiency criteria, the minimum of them is maximized. A problem is also proposed, the solution to which gives an answer to the question of what minimum costs are necessary to ensure a given level of efficiency of the ISCS STS subsystem and all its components.

1. Nasedkin P.N., Bazilevskii M.P. Methodology for assessing the level of security of software and hardware solutions of an integrated system for protecting information of an enterprise. Sovremennaya nauka: aktual'nye problemy teorii i praktiki. Seriya: Estestvennye i tekhnicheskie nauki = Modern Science: actual problems of theory & practice. Natural and technical sciences. 2023;3:87–93. DOI: 10.37882/2223–2966.2023.03.27. (In Russ.).

2. Kuznetsov A.V., Sakovich V.A., Kholod N.I. Higher Mathematics: Mathematical Programming. Minsk, Vysheishaya shkola; 1994. 286 p. (In Russ.).

3. Ivanchenko P.Yu., Katsuro D.A., Medvedev A.V., Trusov A.N. Mathematical modeling information and economic security of small and medium business. Fundamental'nye issledovaniya = Fundamental research. 2013;10-13:2860–2863. (In Russ.).

4. Medvedev A.V. Optimization mathematical information security model. Sbornik izbrannykh statei Vserossiiskoi (natsional'noi) nauchno-prakticheskoi konferentsii «Nauchnye issledovaniya v sovremennom mire. Teoriya i praktika», July 10-13 2021, Saint Petersburg. Saint Petersburg, GNII Natsrazvitie; 2021. p. 66–68. (In Russ.).

5. Zikratov I.A., Odegov S.V., Smirnykh A.V. Information security risks optimization in cloudy services on the basis of linear programming. Nauchno-tekhnicheskii vestnik informatsionnykh tekhnologii, mekhaniki i optiki = Scientific and technical journal of information technologies, mechanics and optics. 2013;83(1):141–144. (In Russ.).

6. Klimenko I.S., Kukharova T.V. The solution of the problem information security management by dynamic programming. Sbornik statei XVI Mezhdunarodnoi zaochnoi estestvennonauchnoi konferentsii «TEKhNOKONGRESS», October 30 2017, Kemerovo. Kemerovo, Kemerovo Puplishing House; 2017. p. 26–29. (In Russ.).

7. Sizov V.A., Drozhkin A.A. Modeling economy of information security of business entity based on simplex-method. Vestnik Rossiiskogo ekonomicheskogo universiteta im. G.V. Plekhanova = Vestnik of the Plekhanov Russian University of Economics. 2021;18(1):173–178. (In Russ.).

8. Klyaus T.K., Gatchin Yu.A. Mathematical model for information security system effectiveness evaluation against advanced persistent threat attacks. Sbornik statei XXIII mezhdunarodnoi nauchnoi konferentsii “Volnovaya elektronika i infokommunikatsionnye sistemy”, June 01–05 2020, Saint Petersburg. Saint Petersburg, Saint Petersburg State University of Aerospace Instrumentation; 2020. p. 250–260. (In Russ.).

9. Kasatkin P.A., Kirenberg A.G., Medvedev A.V., Prokopenko E.V. A mathematical model of organization’s information and economic security. Ekonomika i upravlenie = Economics and Innovation management. 2023;24(1):85–92. DOI: 10.26730/2587-5574-2023-1-85-92. (In Russ.).

10. Noskov S.I. Technologies for modeling objects with unstable operation and data veracity. Irkutsk, RITs GP Oblinformpechat'; 1996. 320 p. (In Russ.).