Modeling of Ensuring Information Security of a Credit and Financial Facility
https://doi.org/10.26794/2587-5671-2018-22-5-105-121
Abstract
The subject of our study was the analysis of the information security of an object in a particular credit and financial sphere, the issuing of microloans. The authors built a plan-scheme of a typical object of the credit and financial sector. We also described the organizational structure and staff structure of the microloans organization. Further, we conducted an analysis of the organization’s staff, their activities, and the areas to which they have the right of access. On the basis of the obtained data, we constructed a model of threats to the information security of the microloans organization. The authors determined the correspondence of the types of threats to the types of violators of information security. We have built a three-dimensional model of information security, which allows us to calculate the vulnerability factor of an object of the credit and financial sector, based on the data obtained in the company issuing microloans, as well as available statistics. The main parameters that determine the security indicators are identified: the number and characteristics of destabilizing factors that can manifest themselves and have a negative impact on the protected information; the number and characteristics of the methods used to protect information; the number and categories of persons who can potentially be violators of information security rules; and the types of protected information. By calculating the security coefficient of the object, it is possible to create an effective system for its information security and to optimize the choice of a set of technical means and methods of information protection. This can significantly reduce the damage arising from threats to information security. The method of mathematical modelling developed by the authors allows estimating the current level of information security in any organization of the financial sphere.
About the Author
S. I. Koz’minykh
Russian Federation
Professor, Department of Information Security
For citations:
Koz’minykh S.I. Modeling of Ensuring Information Security of a Credit and Financial Facility. Finance: Theory and Practice. 2018;22(5):105-121. (In Russ.) https://doi.org/10.26794/2587-5671-2018-22-5-105-121