Russian Federation
employee from 01.01.2026 until now
Russian Federation
MIREA – Russian technological university (applied mathematics, professor)
Russian Federation
The article considers the problem of forming a security index for information systems as a tool for assessing the current state of information protection. The relevance of the study is determined by the need to move from partial control and monitoring results to a unified integral quantitative assessment. A mathematical model of the index is proposed. The model includes a basic integral assessment of the security state and a corrective coefficient that takes into account an integral residual risk indicator. The basic part is constructed using a weighted geometric mean of partial criteria reflecting key areas of protection: threat identification and vulnerability management, configuration and update control, access management, information security monitoring, security-level control results, and the ability of the system to restore significant functions. The residual risk indicator characterizes factors that continue to have a negative impact on the state of information protection after the basic security characteristics have been taken into account. The novelty of the study lies in the formalization of the procedure for calculating the security index of automated information systems in the form of an analytical model that takes into account both the level of implementation of protection processes and the impact of residual risk. The practical significance lies in the possibility of applying the approach to internal security control, analysis of system dynamics, managerial decision-making, and automated calculation of the index.
information security, information system, security, security index, security-level control, vulnerability management, information security monitoring, access management
1. Stupina A.A., Zolotarev A.V. Sravnitel'nyj analiz metodov resheniya zadachi ocenki zashchishchennosti avtomatizirovannyh sistem // Vestnik SibGAU. 2012. № 4 (44). S. 56–61.
2. Borzenkova S.Yu., Kazarina E.E. Analiz metodov ocenki urovnya zashchishchennosti informacionnyh sistem v processe ih ekspluatacii // Izvestiya Tul'skogo gosudarstvennogo universiteta. Tekhnicheskie nauki. 2020. № 5. S. 93–97.
3. Metodika ocenivaniya zashchishchennosti na osnove semanticheskoj modeli metrik i dannyh / E.V. Dojnikova [i dr.] // Voprosy kiberbezopasnosti. 2021. № 1 (41). S. 29–40. DOI:https://doi.org/10.21681/2311-3456-2021-1-29-40
4. Aleksandrov A.V., Veligura A.V., Sokolova Ya.V. Metodika kompleksnoj ocenki sostoyaniya informacionnoj bezopasnosti predpriyatiya // Ekonomicheskij vektor. 2016. № 2 (5). S. 104–112.
5. Komarov V.V., Bujnevich M.V. Ocenka i monitoring zashchishchennosti informacionnyh resursov kak neshtatnaya situaciya // Informacionnye tekhnologii i telekommunikacii. 2023. T. 11. № 4. S. 1–14. DOI:https://doi.org/10.31854/2307-1303-2023-11-4-1-14
6. Model' ocenki effektivnosti sistem zashchity informacii / E.S. Mityakov [i dr.] // Bezopasnost' informacionnyh tekhnologij. 2024. T. 31. № 4. S. 56–66. DOI:https://doi.org/10.26583/bit.2024.4.03
7. Barabanov R., Kowalski S., Yngström L. Information Security Metrics: State of the P. DSV Report Series. № 11-007. Stockholm: Stockholm University, 2011. 62 p.
8. Trček D. Security Metrics Foundations for Computer Security // The Computer Journal. 2010. Vol. 53. № 7. P. 1106–1112. DOI:https://doi.org/10.1093/comjnl/bxp094
9. Chakraborty A., Sengupta A., Mazumdar C. A Formal Approach to Information Security Metrics // 2012 Third International Conference on Emerging Applications of Information Technology (EAIT). IEEE, 2012. P. 439–442.
10. Philippou E., Frey S., Rashid A. Contextualising and Aligning Security Metrics and Business Objectives: a GQM-based Methodology // Computers & Security. 2020. Vol. 88. P. 101634. DOI:https://doi.org/10.1016/j.cose.2019.101634
11. Diesch R., Krcmar H. SoK: Linking Information Security Metrics to Management Success Factors // Proceedings of the 15th International Conference on Availability, Reliability and Security (ARES 2020). 2020. DOI:https://doi.org/10.1145/3407023.3407059
12. Metrics for Cyber-Physical Security: a Call to Action / G. Gori [et al.] // 2022 International Symposium on Networks, Computers and Communications (ISNCC). IEEE, 2022. P. 1–4. DOI:https://doi.org/10.1109/ISNCC55209.2022.9851735
13. A Systematic Analysis of Security Metrics for Industrial Cyber–Physical Systems / G. Gori [et al.] // Electronics. 2024. Vol. 13. № 7. P. 1208. DOI:https://doi.org/10.3390/electronics13071208




