Models for assessing threats of documentary information leakage in the process of developing a secure information system

Authors: Avsentiev O. S., Butov V. V., Tomilova E. A.

Annotation: The paper considers the issues of assessing the threats to the leakage of information contained in the documents developed in the process of creating a secure information system, with the aim of its certification for compliance with information security requirements. Descriptive models of the processes for creating such documents are developed. Timing diagrams illustrating a general overview of these processes are constructed. The appli-cation of the flow theory and Poisson's formula for calculating the probability of their implementation is justified. In order to assess to the leakage of information contained in the developed documents, a general description of these threats is given, tak-ing into account not only the temporal factor in their implemen-tation, but also the specific features of the document develop-ment processes using computers. Descriptive and functional models of scenarios for the realization of information leakage threats contained in the documents under development by inter-nal and external intruders are developed. Analytical relations for calculating the probabilities of realization of these threats in the absence of protection measures are obtained. The possibility of increasing the security of information contained in the docu-ments under development against leakage through the applica-tion of organizational and technical measures based on a securi-ty monitoring system has been substantiated. To assess the impact of these measures, as well as the security of information against leakage with their application, appropriate descriptive and functional models are required, as well as indicators and analytical models for their calculation, taking into account the time factor and logical conditions that determine the dynamics of the realization of the processes under study. For this pur-pose, it is advisable to use the apparatus of composite Petri-Markov nets. Functional models developed in the article and the constructed timing diagrams can be used as a basis for the ap-plication of this apparatus.

Keywords: threat realization scenario, conditions and factors, information leakage threat, document development process, documentary information, secure information system