RU2419155C1 - System to minimise risks - Google Patents

Abstract

FIELD: information technologies.

SUBSTANCE: system to minimise risks comprises the following components: facilities to store size of damage, a unit to determine a residual risk, a facility to store probabilities of substance properties damage by threats, facilities to store forecasted time of substance properties violation in case threats are realised, a facility to store dependencies between functions of countermeasures, facilities to store indices of countermeasures, a unit to detect cost

of a set of countermeasures z, a unit to detect a residual risk

for a set of countermeasures z, facilities to store dependencies between functions of countermeasures, facilities to store indices of countermeasures, a unit to detect residual damage

for a set of countermeasures z, a facility to display results of countermeasures.

EFFECT: automation of searching for an optimal risk-minimising solution and improved accuracy of parametres calculation.

6 cl, 3 dwg

Description

The invention relates to methods and devices for processing digital data and digital computing methods, designed to make the most effective decisions, as well as to monitor the effectiveness of decisions already made.

Almost all types of activities require decision-making, the effectiveness of which types of activity as a whole depends on their effectiveness. Efficiency is the ratio of the effect or the result achieved and the cost of obtaining it.

An example of such activities and decisions is, for example:

- commercial activity (purchase and sale of goods and services), which, for example, requires decision-making on the selection of goods, their purchase, logistics, security, storage, retrieval and verification of customers;

- production activities (production of products, services), which, for example, require decisions on opening new (closing existing) production facilities, organizing protection and protection, manufacturing products, and investing in new types of services;

- financial activities (venture capital investment, purchase of shares, seling operations, credit operations, etc.), which, for example, require decisions on investing in a particular enterprise, purchase of shares, and issuing a loan;

- consulting activities requiring decisions on the organization of work, its promotion in the market;

- insurance activities.

The effectiveness of these solutions depends on the ratio of the magnitude of possible losses to the magnitude of the possible benefits associated with the implementation of these decisions.

Any type of activity is characterized by a set of material or intangible entities that are used for its implementation. Such entities can be, for example, premises, machines, equipment, computers, information, people and other resources.

Each entity has one or more properties, the state of which determines the possibility of effective use of the entity for the implementation of the activity in question. Examples of properties are entity integrity, accessibility (availability in the right place at the right time), and the confidentiality of entity information.

The occurrence of losses is associated with the existence of objective factors (threats, risks) that negatively affect these types of activities, for example, fires, thefts, delays, accidents, malfunctions of systems, dismissals.

The identification of potential losses relates to the field of risk assessment.

There are two approaches to risk assessment:

- qualitative analysis;

- quantitative analysis.

Qualitative analysis is associated with a qualitative assessment of the probability of occurrence of threats and the magnitude of possible losses from the implementation of threats.

Quantitative analysis is the determination of the size of losses and the probability of threats in some quantitative units.

In quantitative analysis, the risk can be determined by the value of possible losses in value (money) terms.

If it is possible in one way or another to predict and evaluate possible losses from any activity, then a quantitative risk assessment has been obtained.

Speaking about the fact that risk is measured by the value of possible (probable) losses, the random nature of such losses should be taken into account. The probability of the occurrence of an event can be determined by the objective method and subjective.

The objective method is used to determine the probability of an event occurring on the basis of calculating the frequency with which this event occurs.

The subjective method is based on the use of subjective criteria, which are based on various assumptions. Such assumptions may include the opinion of the appraiser, his personal experience, expert assessment, and the opinion of the auditor.

Thus, the basis of risk assessment is finding the relationship between certain sizes of losses and the probability of their occurrence.

The most commonly used approach to quantifying risk assessment is to calculate the mathematical expectation of losses by the formula:

where p is the probability of a threat occurring during the year,

ν - the cost of damage in case a threat occurs.

After performing a risk assessment, the optimal risk management strategy is selected. The basic strategies include:

- risk reduction (for example, the use of an automatic fire extinguishing system reduces the likelihood of a fire);

- avoiding risk (for example, the possibility of refusing to use the remote access service allows you to get away from threats implemented by mobile users);

- risk transfer (for example, when insuring certain risks, possible losses are transferred to the insurance company);

- Acceptance of risk (when, for example, risk cannot be reduced, perhaps the best strategy is to accept it).

Each of the strategies can be implemented by one or more countermeasures. For example, a “risk reduction” strategy in relation to a threat such as a fire can be implemented:

- installation of an automatic fire extinguishing system;

- installation of a fire alarm system;

- using special heat-resistant constructions.

The use of certain countermeasures reduces the likelihood of a threat in relation to the activity in question and, accordingly, reduces the expected values of losses. Thus, the risk transfer strategy transfers the risk of a threat to another organization, thereby reducing the likelihood of its occurrence in relation to the activity in question.

The set of countermeasures that are used to protect against risks for a certain type of activity (for example, a certain enterprise or organization as a whole) constitute a risk protection system.

The risk minimization system allows you to obtain information about such a protection system that minimizes the risks of the type of activity under consideration in one or more parameters.

The traditionally used approach to assessing the effectiveness of countermeasures that implement the strategy of “risk reduction” is to calculate the mathematical expectation of losses provided that countermeasures (the so-called residual risk) are used according to the formula:

where p _k is the probability of a threat occurring during the year provided that countermeasures are used,

ν - the cost of damage in case a threat occurs.

The above mathematical principles are laid in the basis of the risk optimization process in products, for example, such as:

- “RiskWatch” (http://www.riskwatch.com/);

- "AvanGard";

- “GRIF” (http://www.dsec.ru).

Qualitative risk assessments are used in, for example, products,

as:

- “CRAMM” (http://www.cramm.com);

- “COBRA” (http://www.security-nsk-analysis.com/riskcon.htm);

- “CONDOR” (http://www.dsec.ru).

The disadvantages of the mentioned products of quantitative risk assessment include the lack of integrated accounting for the following factors:

- when taking into account residual risk, as a rule, residual damage is not taken into account - damage that may occur even if the countermeasure successfully responds to the threat. For example, in case of loss of information from the database server, and even if there is a system of information backup, it takes time to restore this information. This time of unavailability of information can lead to damage associated with downtime. Moreover, the operation of various countermeasures in the general case leads to different levels of residual damage;

- when calculating the residual damage, it is not taken into account that the damage resulting from the threat is a non-linear value in the general case that changes over time;

- the relationships between different countermeasures are not taken into account when the results of the functioning of one countermeasure can be used by other countermeasures;

- in the mentioned products only countermeasures that implement the risk management strategy “risk reduction” are taken into account, which may potentially not allow choosing the optimal set of countermeasures;

- the methods, models laid down in the basis of these products are limited and designed to optimize risks for information processing processes, not allowing comprehensive assessment of other types of activities;

- a constant estimated time of risk of 1 year does not allow to correctly assess the effectiveness of a set of countermeasures - for many countermeasures, annual operating costs are a significant characteristic, i.e. with an increase in the estimated time, the ratio between the cost of various countermeasures can change significantly.

In addition, a significant drawback of existing products of quantitative risk optimization, both domestic and foreign, is the lack of a mechanism for automatically selecting the most optimal set of countermeasures, i.e. the operator must choose a set of countermeasures for which the product (means) will calculate the level of residual risk. Moreover, even with 10 countermeasures, the number of possible combinations of countermeasures of 2 ¹⁰ actually does not allow you to check all these combinations manually, which obviously leads to the impossibility of choosing the most optimal protection option.

The disadvantages of methods with a qualitative risk assessment include:

- subjectivity - qualitative assessments depend on the opinions of experts and consultants, which may be incorrect, given the complexity of assessing all possible combinations of mutually affecting threats and countermeasures;

- non-formal assessment criteria, which could potentially lead to ambiguity, erroneous risk assessments;

- non-transparency of benefits - qualitative methods do not allow a specific assessment: how beneficial is the use of a complex of countermeasures and whether it is beneficial at all.

The well-known risk assessment and management system “GRIF” of LLC “Digital Security” [1]. The system relates to the field of analysis and risk management of the information system of companies. The GRIF system allows:

- analyze the level of security of valuable resources of the information system,

- assess the possible damage that the company will suffer as a result of the implementation of threats to information security;

- manage risks by choosing countermeasures that are optimal in terms of price / quality ratio.

This system contains the most advanced mathematical apparatus for assessing and managing risks from similar class inventions. Based on the set of essential features, the GRIF risk assessment and management system was adopted as a prototype.

The disadvantages of the GRIF system include the following:

- the scope of the prototype is limited to risk assessment in the field of information security, which are only part of the overall risk management problem, which also covers financial, insurance, commercial, credit, and production risks;

- when analyzing information security risks, the GRIF system takes into account threats only for three information properties (confidentiality, integrity and availability). At the same time, even in information systems, a greater number of types of threats are known, for example, threats in the implementation of which resources are used for other purposes and which are detrimental to activities (for example, employees use the Internet access service for other purposes);

- estimation of cost indicators of countermeasures in the “GRIF” system is carried out by indicating the value “Cost of implementation of countermeasures”. At the same time, it is known that each countermeasure requires expenses not only for implementation, but also for support, maintenance, and such fixed costs can significantly exceed the cost of implementation. In addition to the cost of implementation and the cost of maintenance, there are various countermeasures that require additional costs if used to protect against threats. For example, in the event of a cable break, the cost of calling a repair organization may be required;

- damage by the properties of confidentiality, integrity, accessibility in the GRIF system is introduced as a fixed value of possible costs in the event of a threat per year (for availability, costs per hour). At the same time, the damage after the threat is realized is generally non-linear. For example, a month after the threat of accessibility is realized, the company will incur significant losses related to the forfeit, and up to this point the amount of damage may be insignificant;

- the constant estimated time of risk set at 1 year in the complex does not allow us to correctly assess the effectiveness of the complex of countermeasures - for many countermeasures, annual operating costs are a significant characteristic, i.e. with an increase in the estimated time, the ratio between the cost of various countermeasures may change significantly;

- in the “GRIF” system a limited, predetermined number of countermeasures is used. However, it is known that, for example, two antivirus products from different manufacturers can have completely different levels of effectiveness. The impossibility of taking into account different levels of effectiveness of the same class of funds does not allow us to conclude that it is preferable (especially considering the possible difference in their cost). In addition, the system does not have many alternative countermeasures, for example, such a way of reducing damage as risk insurance;

- the residual risk is taken into account in the calculations, however, in the calculations it is also necessary to take into account the "residual damage" - the damage that may occur even if the countermeasure successfully responds to the threat. For example, if a countermeasure intercepts most of the attacks, then the residual risk will be low, however if at the same time it takes a long time to intercept each attack, during which a threat will act on the resources, for example, 1 hour, then for a critical resource this countermeasure will not be acceptable ;

- the system lacks the ability to account for the links between countermeasures. At the same time, this is an important characteristic of existing countermeasures, when, for example, an attack is detected by a set of protective equipment, possibly from different manufacturers, and the threat is neutralized by a set of protective equipment from other manufacturers. At the same time, the use of these funds separately does not reduce the damage from the threat;

- the system does not have a mechanism for automatically selecting the most optimal set of countermeasures, i.e. the operator must choose a set of countermeasures for which the system will calculate the level of risk. Moreover, if there are even 10 countermeasures, the number of possible combinations of countermeasures of 2 ¹⁰ actually does not allow you to check all these combinations manually, which, obviously, makes it impossible to choose the most optimal protection option;

- the system uses the abstract concepts of “coefficient of protection”, “effectiveness” of countermeasures, expressed in some numerical values, while the relationship between these values and the real effectiveness of countermeasures is not clear.

The technical result of the claimed invention are:

- automatic search for the most optimal solution that minimizes risk;

- multi-parameter system of minimizing risks;

- improving the accuracy of the calculation of parameters;

- expanding the scope of the risk minimization system;

- unification of the methods used to minimize risks used to minimize risks and dependencies between them.

The essence of the claimed invention lies in the fact that the risk minimization system contains:

- A means of storing the extent of the damage;

- unit for determining residual risk;

in addition, each means of storing the amount of damage is made with the possibility of storing the dependence of the amount of damage on the time elapsed since the violation of the nature of the entity. Moreover, the system further comprises:

- a means of storing the probabilities of violating the properties of entities by threats, configured to store, for each threat, with respect to each property of each entity, the probability that the implementation of the threat will violate the properties of the entity;

- A means of storing the predicted time of violation of the properties of entities in the event of threats;

- a means of storing dependencies between the functions of countermeasures. The tool is presented in the form of a directed graph. Each arc of the graph corresponds to one function of a countermeasure, and each node of the graph corresponds to the state of the type of activity, characterized by the degree of protection against one or more threats. In this case, the nodes of the graph are divided into initial, intermediate and target. The initial nodes do not contain arcs included in them. The set of initial nodes corresponds to the state of such a system of protection against risks, in which there are no countermeasures. Target nodes do not contain arcs emerging from them. Each target node corresponds to the state of the risk protection system, in which one or more threats are completely neutralized by countermeasures, the functions of which are in the graph the paths from one or more starting nodes to the target node. The intermediate nodes contain incoming and outgoing arcs and characterize the intermediate states of the risk protection system, which are the result of countermeasures of the functions whose arcs are included in these nodes;

- From the means of storing countermeasure indicators, made with the possibility of storing in the composition of the parameters for each countermeasure: the cost of the countermeasure, the values of the time taken to implement each countermeasure function, the probabilities that the countermeasure will not fulfill its function with respect to the threat determined for each countermeasure function in with respect to each threat that this function seeks to neutralize;

набора контрмер z, выполненный с возможностью определения стоимости набора контрмер как суммы стоимостей каждой контрмеры, входящей в набор. При этом информационные входы блока определения стоимости набора контрмер связаны с информационными выходами средств хранения показателей контрмер;- cost determination unit

a set of countermeasures z, configured to determine the cost of a set of countermeasures as the sum of the costs of each countermeasure included in the set. In this case, the information inputs of the block for determining the cost of a set of countermeasures are associated with the information outputs of the means of storing countermeasure indicators;

для набора контрмер z выполнен с возможностью определения остаточного риска как суммы по всем свойствам сущностей произведения размера ущерба от нарушения свойства сущности за время, равное прогнозируемому времени нарушения свойства сущности, на сумму по всем угрозам произведения вероятности того, что реализация угрозы приведет к нарушению свойства сущности, на вероятность того, что набор контрмер не сможет снизить ущерб при реализации угрозы. При этом информационные входы блока определения остаточного риска связаны с информационными выходами средств хранения размеров ущерба, средства хранения вероятностей нарушения свойств сущностей угрозами, средств хранения прогнозируемого времени нарушения свойств сущностей, средства хранения зависимостей между функциями контрмер, средств хранения показателей контрмер;- residual risk determination unit

for a set of countermeasures z, it is possible to determine the residual risk as the sum over all properties of the product of the amount of damage from the violation of the property of the entity for a time equal to the predicted time of the violation of the property of the entity, by the sum over all threats of the product of the probability that the threat will lead to a violation of the property of the entity , the likelihood that a set of countermeasures will not be able to reduce damage during the implementation of the threat. In this case, the information inputs of the residual risk determination unit are associated with the information outputs of means for storing damage sizes, means for storing probabilities of violation of the properties of entities by threats, means for storing the predicted time of violation of the properties of entities, means for storing dependencies between functions of countermeasures, means for storing countermeasure indicators;

для набора контрмер z, выполненный с возможностью определения остаточного ущерба как суммы по всем сущностям, всем свойствам сущностей и всем угрозам произведения следующих величин:- residual damage determination unit

for a set of countermeasures z, made with the possibility of determining residual damage as a sum over all entities, all properties of entities and all threats to the product of the following quantities:

a) the likelihood that the implementation of the threat will lead to a violation of the properties of the entity;

b) the mathematical expectation of the probability product of the probability that a specific path will work to neutralize the threat, by the sum of the amount of damage calculated for the time equal to the sum of the response times of all the countermeasure functions included in this path, and the total cost of implementing all the functions of countermeasures that are part of this path.

In this case, the information inputs of the residual damage determination unit are associated with the information outputs of the means of storing the amount of damage, the means of storing the probabilities of violating the properties of entities by threats, the means of storing dependencies between the functions of countermeasures, the means of storing countermeasure indicators;

минимальна. При этом информационные входы блока определения оптимального набора контрмер связаны с информационными выходами блоков определения стоимости набора контрмер, остаточного риска и остаточного ущерба, а управляющий выход блока определения оптимального набора контрмер связан с управляющими входами блоков определения стоимости набора контрмер, остаточного риска и остаточного ущерба;- block determining the optimal set of countermeasures, configured to determine a set of countermeasures z for which the value

is minimal. Moreover, the information inputs of the block for determining the optimal set of countermeasures are connected with the information outputs of the blocks for determining the cost of the set of countermeasures, residual risk and residual damage, and the control output of the block for determining the optimal set of countermeasures is connected with the control inputs of the blocks for determining the cost of the set of countermeasures, residual risk and residual damage;

- a means of outputting results, the input of which is connected with the information output of the unit for determining the optimal set of countermeasures.

Each means of storing the amount of damage can be made in the form of a set of registers that implements a one-dimensional array of damage sizes, the index of which is the time from violation of the property of the entity.

Each means of storing the amount of damage can be performed in the form of a storage unit having a time input and an information output of the amount of damage.

The means of storing the probabilities of violating the properties of entities by threats is expediently performed as a set of registers for storing a two-dimensional table of size B × A, with the first index in the table corresponding to the threat number and the second to the entity property number.

The tool for storing dependencies between the functions of countermeasures can be performed in the form of an array of sets of registers, in which each set of registers belongs to one arc of the graph and contains four registers for storage, respectively:

- numbers of the node from which the arc exits;

- numbers of the node into which the arc enters;

- countermeasure numbers;

- numbers of the countermeasure function that corresponds to the arc.

The risk minimization system is preferably performed in the form of a processor and memory, while the memory should contain data and software instructions executed by the processor for:

- receipt for each property of the entity of the amount of damage at a given point in time from the beginning of the violation of this property of the entity;

- receiving for each property of the entity in relation to each threat the probability that the implementation of the threat will lead to a violation of the property of the entity;

- receipt for each property of the entity of the predicted time of its violation in the event of threats to this property;

- obtaining lists of countermeasure functions such that each list corresponds to a path in the graph of the dependence of countermeasure functions between two given nodes;

- receipt for each countermeasure of its value;

- receiving for each function of each countermeasure the cost of its implementation to neutralize threats;

- receiving for each function of each countermeasure the time required to implement this function;

- receiving for each function of each countermeasure the probabilities that the function will not be performed in relation to each of the threats;

- generating sets of countermeasures;

- calculations based on the above-mentioned obtained values for each set of countermeasures, the cost of a set of countermeasures;

- calculations based on the above values obtained for each set of residual risk countermeasures;

- calculations based on the above values obtained for each set of countermeasures of residual damage;

- definition of a set of countermeasures for which the sum of value, residual risk and residual damage is minimal.

The inventive risk optimization system is illustrated by the following graphic materials. Figure 1 shows a diagram of a system of minimizing risks, figure 2, 3 - diagrams of examples of the dependency graph between the functions of countermeasures.

The inventive risk minimization system contains:

- A means of storage of damage 1;

- a means of storing probabilities of violation of the properties of entities by threats 2;

- A means of storing the predicted time of violation of the properties of entities 4 in the event of threats;

- a means of storing dependencies between the functions of countermeasures 5;

- C means of storage of countermeasures 6 indicators;

- unit for determining the cost of a set of countermeasures 7;

- a unit for determining residual risk for a set of countermeasures 8;

- a unit for determining residual damage to the set of countermeasures 9;

- block determining the optimal set of countermeasures 10;

- a means of outputting the results of the system 11.

Each of the storage means 1, 2, 4, 5, 6 is equipped with at least one information output.

The purpose of the structural elements of the risk optimization system and examples of their implementation will be indicated later in the description of the system.

The information outputs of the storage of indicators of countermeasures 6 are connected to the information inputs of the unit for determining the cost of a set of countermeasures 7.

The information outputs of the storage means 1, 2, 4, 5, 6 are connected to the information inputs of the residual risk determination unit 8.

The information outputs of the storage means 1, 2, 5, 6 are connected to the information inputs of the residual damage determination unit 9.

The information outputs of the unit for determining the cost of the set of countermeasures 7, the unit for determining the residual risk for the set of countermeasures 8, the unit for determining the residual damage for the set of countermeasures 9 are connected to the corresponding information inputs of the unit for determining the optimal set of countermeasures 10.

The control output of the unit for determining the optimal set of countermeasures 10 is connected to the control inputs of the unit for determining the cost of the set of countermeasures 7, the unit for determining the residual risk for the set of countermeasures 8 and the unit for determining the residual damage for the set of countermeasures 9.

The information output of the unit for determining the optimal set of countermeasures 10 is connected to the input of the means for outputting the results of the system 11.

The inventive system of minimizing risks works as follows.

Pre-enter information into the storage system. To do this, do the following.

1. Identify the maximum number of entities on which the effectiveness of the functioning of the considered type of activity depends. Further, O denotes the total number of entities.

2. Define the properties of entities. For each entity o (o = 1, ..., O), all possible properties are determined, the violation of which can potentially damage the efficiency of the activity in question. Further, U ^o denotes the number of properties of the entity o.

, который будет нанесен деятельности при нарушении каждого из свойств каждой сущности в отдельности в условиях отсутствия контрмер.3. Determine the expected amount of damage.

, which will be inflicted upon the violation of each of the properties of each entity individually in the absence of countermeasures.

Here o is the number of the entity, u is the number of the property of the entity, u = 1, ..., U ^o .

,The amount of damage in general is a function of time

,

where t is the time since the violation of property u of entity o.

The amount of damage is determined in monetary or conventional units. Damage can be determined in any way that gives an acceptable result for optimization purposes (analytical, statistical, etc.).

Each of the values of the amount of damage is recorded in a separate means of storage of the amount of damage 1. Moreover, the number A of storage means 1 is determined from the following expression:

Each means of storing the amount of damage 1 can be made in the form of a set of registers that implements a one-dimensional array of damage sizes, the index of which is the time from violation of the property of the entity.

Each means of storing the amount of damage 1 can be made in the form of a storage unit having a time input and an information output of the amount of damage. When a signal corresponding to time t from violation of an entity’s property is applied to the input time, a signal corresponding to the value of the damage size is generated at the information output of the damage size if time t has passed from violation of the entity’s property.

4. Identify threats that can violate the properties of entities and, accordingly, damage the efficiency of the functioning of the considered type of activity. Next, B indicates the total number of threats identified. Further in the text, the index denotes the threat number, y = 1, ... B.

того, что реализация угрозы y приведет к нарушению свойства и сущности о за период времени T.At the same time, for each threat y in relation to each property and each entity o determine the probability

the fact that the implementation of the threat y leads to a violation of the property and entity o over a period of time T.

Hereinafter in the text T is the period of time of existence of the type of activity for which risk minimization is performed.

далее в тексте упоминается как вероятность нарушения свойства сущности угрозой. Эта вероятность

может определяться любым доступным способом, в том числе могут использоваться следующие методы:Probability

further in the text it is referred to as the probability of violation of an entity’s property by a threat. This probability

can be determined in any way possible, including the following methods can be used:

- analytical, by calculating the values;

- statistical, through the application of statistics on the occurrence of threats in similar activities;

- expert, through the collection and processing of expert opinions in the subject area.

заносят в средство хранения вероятностей нарушения свойств сущностей угрозами 2. Указанное средство хранения 2 может быть выполнено в виде набора регистров для хранения двумерной таблицы размером B×A. Первый индекс в таблице соответствует номеру угрозы, а второй - номеру свойства сущности в системе. В каждом регистре хранится одно значение вероятности

The obtained values of the probabilities

recorded in the means of storing probabilities of violation of the properties of entities by threats 2. The specified means of storage 2 can be made in the form of a set of registers for storing a two-dimensional table of size B × A. The first index in the table corresponds to the threat number, and the second to the entity property number in the system. Each register contains one probability value

в промежутке времени T, в течение которого угрозы в случае своей реализации будут нарушать это свойство сущности при отсутствии контрмер.5. For each property u of entity o, the predicted time

in the time interval T, during which threats, if implemented, will violate this property of the entity in the absence of countermeasures.

, как и вероятность нарушения свойств сущностей угрозами

может определяться любым доступным способом, в том числе могут использоваться следующие методы:Indicated time

, as well as the probability of violation of the properties of entities by threats

can be determined in any way possible, including the following methods can be used:

- analytical, by calculating the values;

- statistical, through the application of statistics on the occurrence of threats in similar activities;

- expert, through the collection and processing of expert opinions in the subject area.

записывают в средства хранения прогнозируемого времени нарушения свойств сущностей 4. Каждое из указанных средств хранения 4 целесообразно выполнять в виде регистра данных.Found times

write to the means of storage of the predicted time violations of the properties of entities 4. Each of these means of storage 4 is advisable to perform in the form of a data register.

6. Determine possible countermeasures. At this stage, the maximum possible number of countermeasures (legal, financial, insurance, organizational, technical, organizational and technical and other measures and means) is identified that can allow at least one of the risk management strategies to be implemented in relation to the threats identified in stage 4 and applicable in with respect to the entities identified in stage 1.

Further, C denotes the total number of countermeasures identified.

7. For each countermeasure k, determine the functions f that this countermeasure performs to neutralize threats. Here f is the number of the function, f = 1, ..., F ^k ; F ^k is the number of functions of the countermeasure k.

8. The dependencies between the functions of the countermeasures are determined and recorded in the appropriate storage medium 5. The dependence between the functions of the countermeasures is presented in the form of a directed graph. Each arc of the graph corresponds to one function of a countermeasure.

Each node of the graph corresponds to the state of the type of activity, characterized by a varying degree of protection against one or more threats and resulting from the implementation of countermeasures of its functions. The nodes of the graph are divided into initial, intermediate and target.

The initial nodes do not contain arcs included in them. The set of initial nodes corresponds to the state of such a system of protecting the type of activity from risks, in which there are no countermeasures.

Target nodes do not contain arcs emerging from them. Each target node corresponds to the state of the system of protecting the type of activity from risks, in which one or more threats are completely neutralized by countermeasures, the functions of which are in the graph the paths from one or more starting nodes to the target node.

The intermediate nodes contain incoming and outgoing arcs and characterize the intermediate states of the activity protection system, which are the result of countermeasures of the functions whose arcs are included in these nodes.

, где m - порядковый номер дуги, соединяющей узлы i и j и направленной из узла i в узел j, m=1,…,M_ij. M_ij соответствует числу дуг, выходящих из узла i и входящих в узел j.Each arc of the dependency graph between countermeasure functions originating from node i and entering node j corresponds to a countermeasure function f. Such a function is denoted below.

, where m is the sequence number of the arc connecting nodes i and j and directed from node i to node j, m = 1, ..., M _ij . M _ij corresponds to the number of arcs leaving node i and entering node j.

The means of storing the dependencies between the countermeasure functions 5 for each triple of numbers {i, j, m} associates a pair of numbers {k, j}.

The tool for storing dependencies between the functions of countermeasures 5 can be made in the form of an array of sets of registers, in which each set of registers refers to one arc of the graph and contains four registers for storage:

- numbers of the node from which the arc exits;

- numbers of the node into which the arc enters;

- countermeasure numbers;

- numbers of the countermeasure function that corresponds to the arc.

9. Determine the performance of countermeasures. For each countermeasure k (k = 1, ..., C), the following indicators are determined:

;- cost of countermeasure

;

того, что контрмера k не выполнит свою функцию f в отношении угрозы y в случае ее реализации;- probability

the fact that countermeasure k does not fulfill its function f with respect to the threat y if implemented;

, необходимое на реализацию функции f контрмеры k, в течение которого угрозы наносят ущерб деятельности, нарушая свойства сущностей;- time

required to implement the function f of the countermeasure k, during which the threats damage the activity, violating the properties of the entities;

реализации функции f контрмеры k в случае ее использования для нейтрализации угрозы.- cost

the implementation of the countermeasure function f if used to neutralize the threat.

The parameter values are recorded in the countermeasure metric 6.

определяют как сумму следующих затрат:9.1. Countermeasure Cost

defined as the sum of the following costs:

- fixed costs for the operation of countermeasures;

- one-time costs, for example, for the implementation, application, installation, purchase of countermeasures;

- other possible types of fixed or one-time costs associated with the use of countermeasures.

и время

могут определяться любым доступным способом, в том числе могут использоваться следующие методы:9.2. Probability

and time

can be determined in any way possible, including the following methods can be used:

- analytical, by calculating probability values;

- statistical, through the use of statistics to prevent threats;

- practical, through testing the effectiveness of specific countermeasures;

- expert, through the collection and processing of expert opinions in the subject area regarding the magnitude of the probability of threats.

того, что контрмера k не выполнит свою функцию f в отношении угрозы у, определяется в отдельности для каждой функции f контрмеры в отношении каждой угрозы y, на нейтрализацию которой направлена эта функция f.Probability

the fact that the countermeasure k does not fulfill its function f with respect to the threat y, is determined separately for each function f of the countermeasure with respect to each threat y that this function f is aimed at neutralizing.

необходимое на реализацию функции f контрмеры k, определяется для каждой функции f контрмеры k.Time

necessary for the implementation of the function f of the countermeasure k is determined for each function f of the countermeasure k.

функций контрмер может определяться практически, аналитически либо иным другим способом, дающим приемлемый результат. Практическое определение стоимости реализации функции контрмеры может, например, заключаться в определении стоимости вызова ремонтной организации.9.3. Cost of sales

the functions of countermeasures can be determined practically, analytically or in any other way, giving an acceptable result. A practical determination of the cost of implementing the countermeasure function may, for example, be to determine the cost of calling a repair organization.

Entered information from storage facilities 1, 2, 4, 5, 6 is fed to the input of the following blocks:

- block for determining the cost of a set of countermeasures 7;

- a residual risk determination unit for a set of countermeasures 8;

- a residual damage determination unit for a set of countermeasures 9.

The control input of each of these blocks 7, 8, 9 receives information specifying a set of countermeasures z, the same for all three blocks 7-9. The specified information comes from the control output of the block determining the optimal set of countermeasures 10. Depending on the state of the control input, each of blocks 7-9 gives its output a parameter value characterizing the set of countermeasures z:

варианта системы защиты, представленного набором контрмер z;- the unit for determining the cost of a set of countermeasures 7 gives the value

a variant of the protection system represented by a set of countermeasures z;

варианта системы защиты;- residual risk determination unit 8 provides residual risk

protection system options;

варианта системы защиты.- the residual damage determination unit 9 provides residual damage

protection system options.

определяется как сумма стоимости каждой контрмеры, входящей в набор z.The cost of a set of countermeasures

defined as the sum of the cost of each countermeasure included in set z.

Here C _z is the number of countermeasures in the set z;

z is the number of a set of countermeasures, z = 1, ..., Q;

Q is the number of possible sets of countermeasures, Q = 2 ^C ;

- номер контрмеры, стоящей в наборе z в позиции х.

is the number of countermeasures in the set z at position x.

The residual risk of a protection system variant is determined from the following expression:

.

.

Here, the sum of the products of the probabilities is calculated as the sum of the joint events.

- вероятность того, что набор контрмер z (вариант системы защиты) не сможет снизить ущерб от угрозы y в случае ее реализации.

есть произведение вероятностей недостижения каждого из целевых узлов графа. Расчет

производится следующим образом.Here

- the likelihood that a set of countermeasures z (a variant of the protection system) will not be able to reduce the damage from the threat y if implemented.

is the product of the probabilities of failure to achieve each of the target nodes of the graph. Payment

produced as follows.

For each of the nodes of graph j, starting from the starting nodes, the probabilities of not reaching these nodes are calculated, that is, the probabilities that for any existing path from the starting node to node j there is at least one countermeasure function that will not be performed. In this case, only those arcs of the graph are considered that correspond to the functions of the considered set of countermeasures z. It is obvious that the probabilities of failure to reach the initial nodes are zero, and the probabilities of failure to reach the target nodes, which do not include any countermeasure function, are equal to one.

,

- вероятности недостижения соответственно узлов i и j в наборе контрмер z;Here

,

- the probability of failure to reach nodes i and j, respectively, in the set of countermeasures z;

означает все узлы i, для которых существуют функции f контрмеры k, входящей в набор z, такие, что соответствующие этим функциям дуги графа направлены из узла i в узел j;

means all nodes i for which there are functions f of countermeasure k included in the set z such that the arcs of the graph corresponding to these functions are directed from node i to node j;

- вероятность того, что контрмера к не выполнит свою функцию

в отношении угрозы y.

- the probability that the countermeasure to does not fulfill its function

in relation to the threat y.

как произведение вероятностей

для всех узлов, являющихся целевыми узлами.Then determine

as a product of probabilities

for all nodes that are target nodes.

The residual damage of a protection system variant is determined from the following expression:

- один из n путей нейтрализации угрозы y, характеризуемый маршрутом в графе зависимости между функциями контрмер из начального узла, характеризующего отсутствие контрмер в отношении угрозы y, в один из целевых узлов, характеризующий нейтрализацию угрозы y. n=1,…, N^z,y. N^z,y - количество путей нейтрализации угрозы у в наборе контрмер z;Here

- one of the n ways to neutralize the threat y, characterized by the route in the graph between the functions of countermeasures from the initial node characterizing the absence of countermeasures against the threat y, to one of the target nodes characterizing the neutralization of the threat y. n = 1, ..., N ^{z, y} . N ^{z, y} is the number of ways to neutralize the threat in the set of countermeasures z;

- сумма времен, необходимых на реализацию функций f, соответствующих дугам, входящим в маршрут

нейтрализации угрозы y;

- the sum of the times required to implement the functions f corresponding to the arcs included in the route

neutralize threat y;

- сумма стоимостей реализации функций f, соответствующих дугам, входящим в маршрут

нейтрализации угрозы y;

- the sum of the costs of the implementation of the functions f corresponding to the arcs included in the route

neutralize threat y;

- вероятность того, что для нейтрализации ущерба от угрозы сработает маршрут

, рассчитываемая по формуле

где сумма вероятностей рассчитывается как сумма совместных событий.

- the probability that the route will work to neutralize damage from the threat

calculated by the formula

where the sum of the probabilities is calculated as the sum of the joint events.

The values from the outputs of the unit for determining the cost of a set of countermeasures, the unit for determining the residual risk and the unit for determining the residual damage fall at the inputs of the unit for determining the optimal set of countermeasures.

. При этом частным случаем набора контрмер является, например, полное отсутствие контрмер. Вариант системы защиты, которому соответствует минимальное значение S_z, будет оптимальным с точки зрения минимизации рисков. Сведения об оптимальном варианте системы защиты с выхода блока определения оптимального набора контрмер поступают на средство вывода информации об оптимальном наборе контрмер. Туда же могут поступать сведения о промежуточных этапах работы системы оптимизации рисков и, в частности, текущие значения набора контрмер, его стоимости, остаточного риска и остаточного ущерба.To determine the optimal set of countermeasures, the corresponding block enumerates the options for organizing the protection system (generation of sets of countermeasures), determining the value for each variant

. In this case, a particular case of a set of countermeasures is, for example, the complete absence of countermeasures. A variant of the protection system, which corresponds to the minimum value of S _z , will be optimal from the point of view of minimizing risks. Information about the optimal version of the protection system from the output of the unit for determining the optimal set of countermeasures is sent to the means for outputting information about the optimal set of countermeasures. Information about the intermediate stages of the risk optimization system, and, in particular, the current values of the set of countermeasures, its cost, residual risk, and residual damage, may also be received there.

The generation of options for organizing a risk protection system can be done in an arbitrary way, for example:

- by exhaustive search of all possible options. This method makes it possible to search for the most optimal variant of a risk protection system, however, with a large number of countermeasures it requires significant machine time;

- by using any possible method for optimizing enumeration. This method also makes it possible to search for the most optimal variant of a risk protection system, but, possibly, with some error;

- by arbitrarily setting options, which makes it possible to verify the effectiveness of specific options for organizing a risk protection system.

An example of a system. The system can be implemented in the form of a computer system equipped with a processor and memory, and the memory contains data and software instructions executed by the processor, for:

- receipt for each property of the entity of the amount of damage at a given point in time from the beginning of the violation of this property of the entity;

- receiving for each property of the entity in relation to each threat the probability that the implementation of the threat will lead to a violation of the property of the entity;

- obtaining for each property of the entity the predicted time of its violation in the event of threats and the absence of countermeasures;

- obtaining lists of countermeasure functions such that each list corresponds to a path in the graph of the dependence of countermeasure functions between two given nodes;

- receipt for each countermeasure of its value;

- receiving for each function of each countermeasure the cost of its implementation to neutralize threats;

- receiving for each function of each countermeasure the time required to implement this function;

- receiving for each function of each countermeasure the probabilities that the function will not be performed in relation to each of the threats;

- generating sets of countermeasures;

- calculations based on the above-mentioned obtained values for each set of countermeasures, the cost of a set of countermeasures;

- calculations based on the above values obtained for each set of residual risk countermeasures;

- calculations based on the above values obtained for each set of countermeasures of residual damage;

- definition of a set of countermeasures for which the sum of value, residual risk and residual damage is minimal.

The operation of the risk minimization system is illustrated by the following illustrative example.

1. The following entities were identified:

Entity Number (o) Entity Name one Computer with valuable information 2 Bonus Data Paper

The number of entities O = 2

It is required to minimize the risk during the functioning of the type of activity for one year (T = 1 year).

2. For the identified entities, the properties, the violation of which can potentially damage the efficiency of functioning of the considered type of activity, are:

o Essence Property Number (u) Property Name one Computer with valuable information one Confidentiality of information 2 Information integrity 2 Bonus Data Paper one Confidentiality of information

The number of properties of the entity №1 U ¹ = 2

The number of properties of the entity No. 2 U ² = 1

, который будет нанесен деятельности при нарушении каждого из свойств каждой сущности в отдельности в условиях отсутствия контрмер, определен практически в нескольких временных точках с момента нарушения свойства сущности:3. Expected damage

, which will be applied to the activity in case of violation of each of the properties of each entity individually in the absence of countermeasures, is determined at almost several time points from the moment of violation of the property of the entity:

o Essence u Property Expected damage, thousand rubles T = 0 hour 1 hour 5 days 1 month 1 year one Computer with valuable information one Confidentiality of information 0 0 10 one hundred 1000 2 Information integrity 0 200 200 500 500 2 Bonus Data Paper one Confidentiality of information 500 500 500 500 500

If it is necessary to find the value of the expected amount of damage at an arbitrary point in time, approximation is carried out by known methods. The values of the expected amount of damage are recorded in the means of storage of the amount of damage 1.

4. The properties of entities can violate the following threats:

Threat Number (y) Threat Name one Computer theft 2 Fire 3 Document theft

The number of threats B = 3.

того, что реализация угрозы у приведет к нарушению свойства и сущности о за период времени T, определены на основе статистических данных и показаны в следующей таблице размером B×A:Probabilities

the fact that the implementation of the threat y will lead to a violation of the property and entity o for a period of time T, are determined on the basis of statistical data and are shown in the following table of size B × A:

Threat: y one 2 3 Property: {o, u} {eleven} 0.1 0 0 {12} 0 0.2 0 {2, 1} 0 0 0.1

, в течение которого угрозы в случае своей реализации будут нарушать эти свойства сущностей при отсутствии контрмер, равно одному году.5. For all the properties of entities, the expert method has established that the predicted time

during which threats, if implemented, will violate these properties of entities in the absence of countermeasures, is equal to one year.

6. The following countermeasures are identified:

Countermeasure Number (k) Name of countermeasure one Door Lock Installation 2 Automatic fire extinguishing installation (APT) 3 Safe purchase

The number of countermeasures C = 3

7. Countermeasure No. 1 “installation of a lock on a door” has one function - to prevent threats (f = 1) in relation to threats No. 1 “computer theft” and No. 3 “document theft”.

Countermeasure No. 2 “APT installation” performs two functions with respect to threat No. 2 “fire”:

- threat detection (f = 1);

- neutralization of the threat (f = 2).

Countermeasure No. 3 “purchase of a safe” has one function - to prevent a threat (f = 1) in relation to threat No. 3 “theft of a document”.

8. The directed graph of the relationship between the functions of countermeasures for this example is presented in figure 3. This graph is represented in storage medium 5 by the following correspondences {i, j, m} -> {k, f}:

- {1, 2, 1} -> {1, 1};

- {3, 4, 1} -> {1, 1};

- {3, 4, 2} -> {3, 1};

- {5, 6, 1} -> {2, 1};

- {6, 7, 1} -> {2, 2}.

9. The countermeasures indicators determined by experimental and calculation methods are reflected in the following table:

k

, тыс. руб.

, thousand roubles. y f

hours

, rub. one 2 one one 0.1 0 0 3 one 0.1 0 0 2 300 2 one 0.2 0.2 0 2 0.1 0.3 0 3 10 3 one 0.01 0 0

Enumeration of countermeasures by the unit for determining the optimal set of countermeasures 10 and the results of the calculation by blocks 7, 8, 9 of the values of three parameters are shown in the following table:

Z Countermeasures included in the set

, тыс. руб.

, thousand roubles.

, thousand roubles.

, thousand roubles. S _z , thousand rubles one 2 3 one - - - 0 250 0 250 2 - - + 10 200.5 0 210.5 3 - + - 300 178 21.6 499.6 four - + + 310 128.5 21.6 460.1 5 + - - 2 115 0 117 6 + - + 12 110.05 0 122.05 7 + + - 302 43 21.6 366.6 8 + + + 312 38.05 21.6 371.65

The lowest total cost is set at number 5 (z = 5). The composition of this set includes only one countermeasure - "Installing the lock on the door." Information about this set comes from the block for determining the optimal set of countermeasures 10 in the means of outputting the results of the system 11.

In the claimed invention, the claimed technical result “automatic search for the most optimal solution minimizing risk” is achieved due to the fact that the risk minimization system contains:

- A means of storing the extent of the damage;

- unit for determining residual risk;

wherein each means of storing the amount of damage is made with the possibility of storing the dependence of the amount of damage on the time elapsed since the violation of the essence of the entity, the system further comprises:

- a means of storing the probabilities of violating the properties of entities by threats, configured to store, for each threat, with respect to each property of each entity, the probability that the implementation of the threat will violate the properties of the entity;

- A means of storing the predicted time of violation of the properties of entities in the event of threats;

- a means of storing dependencies between the functions of countermeasures, presented in the form of a directed graph, in which each arc of the graph corresponds to one function of a countermeasure, and each node of the graph corresponds to the state of the activity, characterized by the degree of protection against one or more threats, while the nodes of the graph are divided to the initial, intermediate and target, initial nodes do not contain arcs included in them, the set of initial nodes corresponds to the state of such a system of protection against risks in which countermeasures are absent target nodes do not contain arcs emerging from them, and each target node corresponds to the state of the risk protection system, in which one or more threats are completely neutralized by countermeasures, the functions of which are in the graph paths from one or several initial nodes to the target node, intermediate the nodes contain incoming and outgoing arcs and characterize the intermediate states of the risk protection system that are the result of countermeasures of the functions whose arcs are included in these nodes;

- C means of storing countermeasure indicators made with the possibility of storing in the composition of the parameters for each countermeasure: the cost of the countermeasure, the values of the time spent on the implementation of each countermeasure function, the probabilities that the countermeasure will not fulfill its function with respect to the threat identified for each countermeasure function in with respect to each threat that this function seeks to neutralize;

набора контрмер z, выполненный с возможностью определения стоимости набора контрмер как суммы стоимостей каждой контрмеры, входящей в набор, при этом информационные входы блока определения стоимости набора контрмер связаны с информационными выходами средств хранения показателей контрмер;- cost determination unit

a set of countermeasures z, configured to determine the cost of a set of countermeasures as the sum of the costs of each countermeasure included in the set, while the information inputs of the unit for determining the cost of a set of countermeasures are associated with the information outputs of the means for storing countermeasure indicators;

для набора контрмер z выполнен с возможностью определения остаточного риска как суммы по всем свойствам сущностей произведения размера ущерба от нарушения свойства сущности за время, равное прогнозируемому времени нарушения свойства сущности, на сумму по всем угрозам произведения вероятности того, что реализация угрозы приведет к нарушению свойства сущности, на вероятность того, что набор контрмер не сможет снизить ущерб при реализации угрозы, при этом информационные входы блока определения остаточного риска связаны с информационными выходами средств хранения размеров ущерба, средства хранения вероятностей нарушения свойств сущностей угрозами, средств хранения прогнозируемого времени нарушения свойств сущностей, средства хранения зависимостей между функциями контрмер, средств хранения показателей контрмер;- residual risk determination unit

for a set of countermeasures z, it is possible to determine the residual risk as the sum over all properties of the product of the amount of damage from the violation of the property of the entity for a time equal to the predicted time of the violation of the property of the entity, by the sum over all threats of the product of the probability that the threat will lead to a violation of the property of the entity , the likelihood that a set of countermeasures will not be able to reduce damage during the implementation of the threat, while the information inputs of the residual risk determination unit are associated with the information output size storage means damage probability storage means of the desirable attributes of entities threats storage media predicted time of the desirable attributes of entities, tools storage dependencies between functions countermeasures storage media indicators countermeasures;

для набора контрмер z, выполненный с возможностью определения остаточного ущерба как суммы по всем сущностям, всем свойствам сущностей и всем угрозам произведения следующих величин:- residual damage determination unit

for a set of countermeasures z, made with the possibility of determining residual damage as a sum over all entities, all properties of entities and all threats to the product of the following quantities:

a) the likelihood that the implementation of the threat will lead to a violation of the properties of the entity;

b) the mathematical expectation of the probability product of the probability that a specific path will work to neutralize the threat by the sum of the damage calculated for the time equal to the sum of the response times of all the countermeasure functions included in this path, and the total cost of implementing all the functions of countermeasures that are part of this path,

wherein the information inputs of the residual damage determination unit are associated with the information outputs of the means for storing the amount of damage, the means for storing probabilities of violation of the properties of entities by threats, the means for storing dependencies between the functions of countermeasures, the means for storing countermeasure indicators;

минимальна, при этом информационные входы блока определения оптимального набора контрмер связаны с информационными выходами блоков определения стоимости набора контрмер, остаточного риска и остаточного ущерба, а управляющий выход блока определения оптимального набора контрмер связан с управляющими входами блоков определения стоимости набора контрмер, остаточного риска и остаточного ущерба;- block determining the optimal set of countermeasures, configured to determine a set of countermeasures z for which the value

while the information inputs of the block for determining the optimal set of countermeasures are connected with the information outputs of the blocks for determining the cost of the set of countermeasures, residual risk and residual damage, and the control output of the block for determining the optimal set of countermeasures is connected with the control inputs of the blocks for determining the cost of the set of countermeasures, residual risk and residual damage ;

- a means of outputting results, the input of which is connected with the information output of the unit for determining the optimal set of countermeasures. Thanks to such a technical solution of the claimed risk minimization system, it is possible to automatically generate sets of countermeasures, evaluate their parameters and select the most optimal set according to three given parameters: cost, residual risk and residual damage.

In the claimed invention, the claimed technical result "multi-parameter system of minimizing risks" is achieved due to the fact that the system contains:

- A means of storing the extent of the damage;

- unit for determining residual risk;

wherein each means of storing the amount of damage is made with the possibility of storing the dependence of the amount of damage on the time elapsed since the violation of the essence of the entity, the system further comprises:

- a means of storing the probabilities of violating the properties of entities by threats, configured to store, for each threat, with respect to each property of each entity, the probability that the implementation of the threat will violate the properties of the entity;

- A means of storing the predicted time of violation of the properties of entities in the event of threats;

- a means of storing dependencies between the functions of countermeasures, presented in the form of a directed graph, in which each arc of the graph corresponds to one function of a countermeasure, and each node of the graph corresponds to the state of the activity, characterized by the degree of protection against one or more threats, while the nodes of the graph are divided to the initial, intermediate and target, initial nodes do not contain arcs included in them, the set of initial nodes corresponds to the state of such a system of protection against risks in which countermeasures are absent target nodes do not contain arcs emerging from them, and each target node corresponds to the state of the risk protection system, in which one or more threats are completely neutralized by countermeasures, the functions of which are in the graph paths from one or several initial nodes to the target node, intermediate the nodes contain incoming and outgoing arcs and characterize the intermediate states of the risk protection system that are the result of countermeasures of the functions whose arcs are included in these nodes;

- C means of storing countermeasure indicators made with the possibility of storing in the composition of the parameters for each countermeasure: the cost of the countermeasure, the values of the time spent on the implementation of each countermeasure function, the probabilities that the countermeasure will not fulfill its function with respect to the threat identified for each countermeasure function in with respect to each threat that this function seeks to neutralize;

набора контрмер z, выполненный с возможностью определения стоимости набора контрмер как суммы стоимостей каждой контрмеры, входящей в набор, при этом информационные входы блока определения стоимости набора контрмер связаны с информационными выходами средств хранения показателей контрмер;- cost determination unit

a set of countermeasures z, configured to determine the cost of a set of countermeasures as the sum of the costs of each countermeasure included in the set, while the information inputs of the unit for determining the cost of a set of countermeasures are associated with the information outputs of the means for storing countermeasure indicators;

для набора контрмер z выполнен с возможностью определения остаточного риска как суммы по всем свойствам сущностей произведения размера ущерба от нарушения свойства сущности за время, равное прогнозируемому времени нарушения свойства сущности, на сумму по всем угрозам произведения вероятности того, что реализация угрозы приведет к нарушению свойства сущности, на вероятность того, что набор контрмер не сможет снизить ущерб при реализации угрозы, при этом информационные входы блока определения остаточного риска связаны с информационными выходами средств хранения размеров ущерба, средства хранения вероятностей нарушения свойств сущностей угрозами, средств хранения прогнозируемого времени нарушения свойств сущностей, средства хранения зависимостей между функциями контрмер, средств хранения показателей контрмер;- residual risk determination unit

for a set of countermeasures z, it is possible to determine the residual risk as the sum over all properties of the product of the amount of damage from the violation of the property of the entity for a time equal to the predicted time of the violation of the property of the entity, by the sum over all threats of the product of the probability that the threat will lead to a violation of the property of the entity , the likelihood that a set of countermeasures will not be able to reduce damage during the implementation of the threat, while the information inputs of the residual risk determination unit are associated with the information output size storage means damage probability storage means of the desirable attributes of entities threats storage media predicted time of the desirable attributes of entities, tools storage dependencies between functions countermeasures storage media indicators countermeasures;

для набора контрмер z, выполненный с возможностью определения остаточного ущерба как суммы по всем сущностям, всем свойствам сущностей и всем угрозам произведения следующих величин:- residual damage determination unit

for a set of countermeasures z, made with the possibility of determining residual damage as a sum over all entities, all properties of entities and all threats to the product of the following quantities:

a) the likelihood that the implementation of the threat will lead to a violation of the properties of the entity;

b) the mathematical expectation of the probability product of the probability that a specific path will work to neutralize the threat by the sum of the damage calculated for the time equal to the sum of the response times of all the countermeasure functions included in this path, and the total cost of implementing all the functions of countermeasures that are part of this path,

wherein the information inputs of the residual damage determination unit are associated with the information outputs of the means for storing the amount of damage, the means for storing probabilities of violation of the properties of entities by threats, the means for storing dependencies between the functions of countermeasures, the means for storing countermeasure indicators;

минимальна, при этом информационные входы блока определения оптимального набора контрмер связаны с информационными выходами блоков определения стоимости набора контрмер, остаточного риска и остаточного ущерба, а управляющий выход блока определения оптимального набора контрмер связан с управляющими входами блоков определения стоимости набора контрмер, остаточного риска и остаточного ущерба. Многопараметричность обусловлена обеспечением возможности одновременной оценки эффективности набора контрмер (системы защиты) по трем параметрам: стоимости, остаточного риска и остаточного ущерба.- block determining the optimal set of countermeasures, configured to determine a set of countermeasures z for which the value

while the information inputs of the block for determining the optimal set of countermeasures are connected with the information outputs of the blocks for determining the cost of the set of countermeasures, residual risk and residual damage, and the control output of the block for determining the optimal set of countermeasures is connected with the control inputs of the blocks for determining the cost of the set of countermeasures, residual risk and residual damage . Multiparametricity is due to the possibility of simultaneous assessment of the effectiveness of a set of countermeasures (protection systems) in three parameters: cost, residual risk and residual damage.

In the claimed invention, the claimed technical result "improving the accuracy of the calculation of parameters" is achieved due to the fact that:

- each means of storing the amount of damage is made with the possibility of storing the dependence of the amount of damage on the time elapsed since the violation of the essence of the entity;

- the system contains a means of storing the probabilities of violation of the properties of entities by threats, configured to store, for each threat with respect to each property of each entity, the probability that the implementation of the threat will violate the properties of the entity;

- the system contains A means of storing the predicted time of violation of the properties of entities in the event of threats;

- the system contains a means of storing dependencies between the functions of countermeasures, presented in the form of a directed graph, in which each arc of the graph corresponds to one function of a countermeasure, and each node of the graph corresponds to the state of the activity, characterized by the degree of protection against one or more threats, while the nodes the graphs are divided into initial, intermediate and target, the initial nodes do not contain arcs included in them, the set of initial nodes corresponds to the state of such a system of protection against risks, in which there are no countermeasures, the target nodes do not contain arcs emerging from them, and each target node corresponds to the state of the risk protection system in which one or more threats are completely neutralized by countermeasures, the functions of which are in the graph the paths from one or more starting nodes to the target node , the intermediate nodes contain incoming and outgoing arcs and characterize the intermediate states of the risk protection system, which are the result of countermeasures of the functions whose arcs are included in these nodes;

- the system contains C means for storing countermeasure indicators that can be stored as parameters for each countermeasure: the cost of the countermeasure, the values of the time taken to implement each countermeasure function, the probabilities that the countermeasure will not fulfill its function with respect to the threat defined for each function countermeasures against each threat that this function aims to neutralize;

набора контрмер z, выполненный с возможностью определения стоимости набора контрмер как суммы стоимостей каждой контрмеры, входящей в набор, при этом информационные входы блока определения стоимости набора контрмер связаны с информационными выходами средств хранения показателей контрмер;- the system contains a cost determination unit

a set of countermeasures z, configured to determine the cost of a set of countermeasures as the sum of the costs of each countermeasure included in the set, while the information inputs of the unit for determining the cost of a set of countermeasures are associated with the information outputs of the means for storing countermeasure indicators;

для набора контрмер z, выполненный с возможностью определения остаточного риска как суммы по всем свойствам сущностей произведения размера ущерба от нарушения свойства сущности за время, равное прогнозируемому времени нарушения свойства сущности, на сумму по всем угрозам произведения вероятности того, что реализация угрозы приведет к нарушению свойства сущности, на вероятность того, что набор контрмер не сможет снизить ущерб при реализации угрозы, при этом информационные входы блока определения остаточного риска связаны с информационными выходами средств хранения размеров ущерба, средства хранения вероятностей нарушения свойств сущностей угрозами, средств хранения прогнозируемого времени нарушения свойств сущностей, средства хранения зависимостей между функциями контрмер, средств хранения показателей контрмер;- the system contains a unit for determining residual risk

for a set of countermeasures z, made with the possibility of determining the residual risk as the sum over all properties of the product of the amount of damage from violation of the property of the entity for a time equal to the predicted time of violation of the property of the entity, by the sum over all threats of the product of the probability that the threat will lead to a violation of the property essence, the probability that a set of countermeasures will not be able to reduce damage during the implementation of the threat, while the information inputs of the residual risk determination unit are associated with information new outputs of means of storing the extent of damage, means of storing probabilities of violation of the properties of entities by threats, means of storing the predicted time of violation of the properties of entities, means of storing dependencies between the functions of countermeasures, means of storing indicators of countermeasures;

для набора контрмер z, выполненный с возможностью определения остаточного ущерба как суммы по всем сущностям, всем свойствам сущностей и всем угрозам произведения следующих величин:- the system contains a unit for determining residual damage

for a set of countermeasures z, made with the possibility of determining residual damage as a sum over all entities, all properties of entities and all threats to the product of the following quantities:

a) the likelihood that the implementation of the threat will lead to a violation of the properties of the entity;

b) the mathematical expectation of the probability product of the probability that a specific path will work to neutralize the threat by the sum of the damage calculated for the time equal to the sum of the response times of all the countermeasure functions included in this path, and the total cost of implementing all the functions of countermeasures that are part of this path,

the information inputs of the residual damage determination unit are associated with the information outputs of the means of storing the amount of damage, the means of storing the probabilities of violating the properties of entities by threats, the means of storing dependencies between the functions of countermeasures, the means of storing countermeasure indicators.

The implementation of the means of storing the amount of damage 1 with the possibility of storing the dependence of this size on time, which is observed in reality, increases the accuracy with which the residual damage of sets of countermeasures is determined. In addition, “increasing the accuracy of calculating the parameters” is achieved due to the fact that the system contains a means of storing 5 dependencies between the functions of countermeasures, as well as C means of storing 6 indicators of countermeasures, which allow taking into account the mutual influence of countermeasures, as well as features of the implementation of the functions of countermeasures (possible costs in the case of using functions, the time required to perform the function). Together, these factors lead to increased accuracy in quantifying the effectiveness of a set of countermeasures.

In the claimed invention, the claimed technical result "expanding the scope of the risk minimization system" is achieved due to the fact that:

- each means of storing the amount of damage is made with the possibility of storing the dependence of the amount of damage on the time elapsed since the violation of the essence of the entity;

- the system contains a means of storing the probabilities of violation of the properties of entities by threats, configured to store, for each threat with respect to each property of each entity, the probability that the implementation of the threat will violate the properties of the entity;

- the system contains the means of storage of the predicted time of violation of the properties of entities in the event of threats;

- the system contains a means of storing dependencies between the functions of countermeasures, presented in the form of a directed graph, in which each arc of the graph corresponds to one function of a countermeasure, and each node of the graph corresponds to the state of the activity, characterized by the degree of protection against one or more threats, while the nodes the graphs are divided into initial, intermediate and target, the initial nodes do not contain arcs included in them, the set of initial nodes corresponds to the state of such a system of protection against risks, in which there are no countermeasures, the target nodes do not contain arcs emerging from them, and each target node corresponds to the state of the risk protection system in which one or more threats are completely neutralized by countermeasures, the functions of which are in the graph the paths from one or more starting nodes to the target node , the intermediate nodes contain incoming and outgoing arcs and characterize the intermediate states of the risk protection system, which are the result of countermeasures of the functions whose arcs are included in these nodes;

- the system contains C means for storing countermeasure indicators that can be stored as parameters for each countermeasure: the cost of the countermeasure, the values of the time taken to implement each countermeasure function, the probabilities that the countermeasure will not fulfill its function with respect to the threat defined for each function countermeasures against each threat that this function aims to neutralize.

In the claimed invention, the claimed technical result “the unification of the methods used to minimize risks used to minimize risks and dependencies between them” is achieved due to the fact that:

- each means of storing the amount of damage is made with the possibility of storing the dependence of the amount of damage on the time elapsed since the violation of the essence of the entity;

- the system contains a means of storing the probabilities of violation of the properties of entities by threats, configured to store, for each threat with respect to each property of each entity, the probability that the implementation of the threat will violate the properties of the entity;

- the system contains A means of storing the predicted time of violation of the properties of entities in the event of threats;

- the system contains a means of storing dependencies between the functions of countermeasures, presented in the form of a directed graph, in which each arc of the graph corresponds to one function of a countermeasure, and each node of the graph corresponds to the state of the activity, characterized by the degree of protection against one or more threats, while the nodes the graphs are divided into initial, intermediate and target, the initial nodes do not contain arcs included in them, the set of initial nodes corresponds to the state of such a system of protection against risks, in which there are no countermeasures, the target nodes do not contain arcs emerging from them, and each target node corresponds to the state of the risk protection system in which one or more threats are completely neutralized by countermeasures, the functions of which are in the graph the paths from one or more starting nodes to the target node , the intermediate nodes contain incoming and outgoing arcs and characterize the intermediate states of the risk protection system, which are the result of countermeasures of the functions whose arcs are included in these nodes;

- the system contains C means of storing countermeasure indicators made with the possibility of storing in the composition of the parameters for each countermeasure: the cost of the countermeasure, the values of the time spent on the implementation of each countermeasure function, the probabilities that the countermeasure will not fulfill its function with respect to the threat defined for each function countermeasures against each threat that this function aims to neutralize.

The unification of the methods used to minimize risks used to minimize risks and the dependencies between them is ensured mainly by the presence of 5 dependencies between the functions of countermeasures in the storage system, as well as the presence of 6 indicators of countermeasures with C storage facilities, which provide universal methods for describing the effectiveness of various countermeasures and their use in risk assessment.

Information sources

1. Internet resource http://www.dsec.ru. The documentation for the product “GRIF Risk Assessment and Management System” by Digital Security LLC is the closest analogue.

2. Internet resource http://www.riskwatch.com/.

3. Internet resource http://www.cramm.com.

4. Internet resource http://www.security-risk-analysis.com/riskcon.htm.

Claims (6)

1. A risk minimization system comprising
- A means of storing the amount of damage;
- unit for determining residual risk;
characterized in that each means of storing the amount of damage is made with the possibility of storing the dependence of the amount of damage on the time elapsed since the violation of the essence of the entity, the system further comprises:
- a means of storing the probabilities of violating the properties of entities by threats, configured to store, for each threat, with respect to each property of each entity, the probability that the implementation of the threat will violate the properties of the entity;
- A means of storing the predicted time of violation of the properties of entities in the event of threats;
- a means of storing dependencies between the functions of countermeasures, presented in the form of a directed graph, in which each arc of the graph corresponds to one function of a countermeasure, and each node of the graph corresponds to the state of the activity, characterized by the degree of protection against one or more threats, while the nodes of the graph are divided to the initial, intermediate and target, initial nodes do not contain arcs included in them, the set of initial nodes corresponds to the state of such a system of protection against risks in which countermeasures are absent target nodes do not contain arcs emerging from them, and each target node corresponds to the state of the risk protection system, in which one or more threats are completely neutralized by countermeasures, the functions of which are in the graph paths from one or several initial nodes to the target node, intermediate the nodes contain incoming and outgoing arcs and characterize the intermediate states of the risk protection system that are the result of countermeasures of the functions whose arcs are included in these nodes;
- From the means of storing countermeasure indicators made with the possibility of storing in the composition of the parameters for each countermeasure:
the cost of the countermeasure, the values of the time taken to implement each function of the countermeasure, the probabilities that the countermeasure will not fulfill its function with respect to the threat, determined for each function of the countermeasure with respect to each threat that this function is aimed at neutralizing;
- cost determination unit

a set of countermeasures z, configured to determine the cost of a set of countermeasures as the sum of the costs of each countermeasure included in the set, while the information inputs of the unit for determining the cost of a set of countermeasures are associated with the information outputs of the means for storing countermeasure indicators;
- residual risk determination unit

for a set of countermeasures z, it is possible to determine the residual risk as the sum over all properties of the product of the amount of damage from the violation of the property of the entity for a time equal to the predicted time of the violation of the property of the entity, by the sum over all threats of the product of the probability that the threat will lead to a violation of the property of the entity , the likelihood that a set of countermeasures will not be able to reduce damage during the implementation of the threat, while the information inputs of the residual risk determination unit are associated with the information output size storage means damage probability storage means of the desirable attributes of entities threats storage media predicted time of the desirable attributes of entities, tools storage dependencies between functions countermeasures storage media indicators countermeasures;
- residual damage determination unit

for a set of countermeasures z, made with the possibility of determining residual damage as a sum over all entities, all properties of entities and all threats to the product of the following quantities:
a) the likelihood that the implementation of the threat will lead to a violation of the properties of the entity;
b) the mathematical expectation of the probability product of the probability that a specific path will work to neutralize the threat by the sum of the damage calculated for the time equal to the sum of the response times of all the countermeasure functions included in this path, and the total cost of implementing all the functions of countermeasures that are part of this path,
wherein the information inputs of the residual damage determination unit are associated with the information outputs of the means for storing the amount of damage, the means for storing probabilities of violation of the properties of entities by threats, the means for storing dependencies between the functions of countermeasures, the means for storing countermeasure indicators;
- block determining the optimal set of countermeasures, configured to determine a set of countermeasures z for which the value

while the information inputs of the block for determining the optimal set of countermeasures are connected with the information outputs of the blocks for determining the cost of the set of countermeasures, residual risk and residual damage, and the control output of the block for determining the optimal set of countermeasures is connected with the control inputs of the blocks for determining the cost of the set of countermeasures, residual risk and residual damage ;
- a means of outputting results, the input of which is connected with the information output of the unit for determining the optimal set of countermeasures. 2. The system according to claim 1, characterized in that each means of storing the amount of damage is made in the form of a set of registers that implements a one-dimensional array of the size of the damage, the index of which is the time from violation of the property of the entity. 3. The system according to claim 1, characterized in that each means of storing the amount of damage is made in the form of a storage unit having a time input and an information output of the damage size. 4. The system according to claim 1, characterized in that the means of storing probabilities of violation of the properties of entities by threats is made in the form of a set of registers for storing a two-dimensional table of size B × A, with the first index in the table corresponding to the threat number and the second to the entity property number. 5. The system according to claim 1, characterized in that the means of storing the dependencies between the functions of countermeasures is made in the form of an array of sets of registers, in which each set of registers refers to one arc of the graph and contains four registers for storage, respectively:
- numbers of the node from which the arc exits;
- numbers of the node into which the arc enters;
- countermeasure numbers;
- numbers of the countermeasure function that corresponds to the arc. 6. The system according to claim 1, characterized in that it is made in the form of a processor and memory, wherein the memory contains data and software instructions executed by the processor for:
- receipt for each property of the entity of the amount of damage at a given point in time from the beginning of the violation of this property of the entity;
- receiving for each property of the entity in relation to each threat the probability that the implementation of the threat will lead to a violation of the property of the entity;
- receipt for each property of the entity of the predicted time of its violation in the event of threats to this property;
- obtaining lists of countermeasure functions such that each list corresponds to a path in the graph of the dependence of countermeasure functions between two given nodes;
- receipt for each countermeasure of its value;
- receiving for each function of each countermeasure the cost of its implementation to neutralize threats;
- receiving for each function of each countermeasure the time required to implement this function;
- receiving for each function of each countermeasure the probabilities that the function will not be performed in relation to each of the threats;
- generating sets of countermeasures;
- calculations based on the above-mentioned obtained values for each set of countermeasures, the cost of a set of countermeasures;
- calculations based on the above values obtained for each set of residual risk countermeasures;
- calculations based on the above values obtained for each set of countermeasures of residual damage;
- definition of a set of countermeasures for which the sum of value, residual risk and residual damage is minimal.

Images