Assessment of the uneven use of information resources in the business process circuit
-
DOIhttp://dx.doi.org/10.21511/ed.19(1).2020.02
-
Article InfoVolume 19 2020, Issue #1, pp. 15-22
- 509 Views
-
92 Downloads
This work is licensed under a
Creative Commons Attribution 4.0 International License
An approach is proposed for assessing the uneven use of information resources in the organization’s business processes. Formal representations of the organization’s business processes and security systems are presented, reflecting both business operations carried out in a certain sequence and information resources that ensure the implementation of the relevant business operations, the place of information resources in the general outline of business processes is indicated. The circuits of the security system business processes of and the business processes of the main object of modeling are considered, including both business processes for managing security and business processes for ensuring security management. The assessment of the non-uniform use of information resources in a business process scheme is based on the consistent construction of an information resource incidence matrix for individual business operations, a frequency relationship matrix reflecting the sharing of information resources, and a matrix of derivatives in a discrete formulation. The proposed approach is demonstrated on a conditional example containing both the notional costs of information resources and weighting factors of the importance of business operations that reflect their criticality in the general contour of business processes. Estimates obtained as a result of applying the approach make it possible to group information resources, focusing on the frequency of their joint use in the business processes, which ultimately makes it possible to justify the choice of information resources for protection against threats from cyber intruders.
- Keywords
-
JEL Classification (Paper profile tab)C65, G2, M15
-
References18
-
Tables4
-
Figures1
-
- Figure 1. The circuits of the business processes of the organization and the security system
-
- Table 1. Matrix of incidents of information resources for business processes
- Table 2. Valuation of information resources incidental to business processes
- Table 3. Business processes valuations
- Table 4. Values of business processes
-
- Evseev, S. (2016). Methodology for information technologies security evaluation for automated banking systems of Ukraine. Ukrainian Scientific Journal of Information Security, 22(3), 297-309. (In Ukrainian).
- Evseev, S. et al. (2019). Development of a methodology for building an information security system in the corporate research and education system in the context of university autonomy. Eastern-European Journal of Enterprise Technologies, 3(9), 49-63. (In Ukrainian).
- Evseev, S., & Dorohov, A. (2011). Information threats and safety in Ukrainian bank payment systems. Russian journal of criminology, 16(2), 68-75. (In Russian).
- Evseev, S., Kots, G., & Korol, O. (2015). Analysis of the legal framework for the information security management system of the NSМEP. Vostochno-evropeyskiy zhurnal peredovyih tehnologiy, 5(3)(77), 48-59. (In Ukrainian).
- Evseev, S., Rzayev, K., Mammadova, T., Samedov, F., & Romashchenko, N. (2018). Classification of cyber cruise of informational resources of automated banking systems. Cybersecurity: Education, Science, Technique, 2(2), 47-67. (In Ukrainian).
- Gorbatov, V. (1976). Teoriya chastichno-uporyadochennyih system [Theory of Partially Ordered Systems] (336 p.). Moskva: Sovetskoe radio. (In Russian)
- Gorbatov, V. (2000). Fundamentalnyye osnovy diskretnoy matematiki. Informatsionnaya matematika [Fundamentals of discrete mathematics. Informational mathematics] (556 p.) Moskva: Nauka. (In Russian)
- Hamdan, B. (2013). Evaluating the Performance of Information Security: A Balanced Scorecard Approach. SAIS 2013 Proceedings.
- Isaev, R. (2015). Sekrety uspeshnykh bankov: biznes-protsessy i tekhnologii [Secrets of successful banks: business processes and technologies] (222 p.) Moskva: INFRA-M. (In Russian)
- Kotenko, I., & Karsaev, O. (2001). Ispolzovanie mnogoagentnyih tehnologiy dlya kompleksnoy zaschityi informatsionnyih resursov v kompyuternyih setyah [The use of multi-agent technologies for the comprehensive protection of information resources in computer networks]. Izvestiya Yuzhnogo federalnogo universiteta. Tekhnicheskiye nauki - News of the Southern Federal University. Technical science, 4(22), 38-50. (In Russian).
- Magomaeva, L. (2017). Information resources as a strategic active in modern business systems. Aktualnyye voprosy ekonomicheskikh nauk i sovremennogo menedzhmenta - Actual issues of economic sciences and modern management, 4, 43-48. (In Russian).
- Milov, A., & Korol, O. (2019) Razrabotka ontologii povedeniya vzimodeystvuyuschih agentov v sistemah bezopasnosti [Development of an ontology of the behavior of interacting agents in security systems] (pp. 832-842). 4th International Congress on 3D Printing (Additive Manufacturing) Technologies and Digital Industry (11-14 April, 2019). (In Russian)
- Rigin, V. (2012). Informatization in the aspect of a process-oriented approach to the enterprise management. Problems of Territory’s Development, 2(58), 86-91. (In Russian).
- Stelmashonok, E. (2006). Organizatsiya informatsionnoy zashchity biznes-protsessov [Organization of information protection of business processes]. Applied informatics, 2(2), 42-57. (In Russian).
- Weishaupl, E., Yasasin, E., & Schiyen, G. (2015). IT Security Investments Through the Lens of the Resource-Based View: A new Theoretical Model and Literature Review. European Conference on Information Systems.
- Yudin, O., & Buchyk, S. (2015). Classification of Threats to State Informative Resources of Normatively-Legal Aspiration. Methodology of Construction of Classifier. Ukrainian Information Security Research Journal, 17(2), 108-116. (In Ukrainian).
- Yudin, O., & Buchyk, S. (2015). Derzhavni informatsiini resursy. Metodolohiia pobudovy klasyfikatora zahroz [State information resources. Methodology for building the threat classifier] (212 p.). Kyiv: NAU. (In Ukrainian).
- Yudin, O., Buchyk, S., Chunarova, A., & Varchenko, O. (2014). Methodology of construction of classifier of threats to state informative resources. Science-Based Technologies, 2(22), 200-210. (In Ukrainian).