APPLICATION OF THE MATHEMATICAL CATASTROPHE THEORY TO ENSURE THE STABILITY OF THE INFORMATION SECURITY MANAGEMENT SYSTEM
DOI:
https://doi.org/10.28925/2663-4023.2024.26.692
Keywords:
Information security management system (ISMS); catastrophe theory; “Butterfly” type of catastrophe; cyber incident; Python; gradient descent; differential equation.
Abstract
The Information Security Management System is an important element in preventing possible threats and failures and in limiting exposure to various internal and external factors that could lead to irreversible consequences. Predicting the impact of various types of incidents makes it possible to ensure the stability and balance of complex dynamic systems and their confidentiality, integrity and availability. The resilience of the information security management system to different types of cyber incidents has been researched. Mathematical catastrophe theory has been applied to model the dynamics of the information system. Different types of catastrophes, which depend on the number of parameters influencing the dynamic system, were analyzed and investigated. The main types of incidents for research have been identified based on the report of cyber incidents detected in the period 2022–2024. The list of categories of cyber incidents was analyzed; it is constantly updated as new types appear, and it also includes a description of these incidents and their impact on the information system. The “Butterfly” type of catastrophe has been chosen to simulate the behavior of dynamic systems in crisis situations, assess the degree of system stability, and identify critical points where the system is particularly vulnerable to external or internal disruptive influences. Equilibrium points, bifurcation points, and a risk zone have been identified on the system’s equilibrium plane. The risk zone is critically important and sensitive to disturbances; it corresponds to information system failures of dangerous or chaotic types under the influence of certain types of cyber incidents. Python and some libraries (such as NumPy, Pandas, etc.) have been used for calculations and visualization.
The 3D graphs show the dependence of the dynamic system’s equilibrium state on the parameters of the impact of each type of incident. This makes it possible to identify possible failures of the information system and optimize the operation of the information security management system to prevent catastrophes.
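The following Python sketch is an added illustration, not code from the paper: it uses a scaled form of the canonical butterfly potential to locate equilibrium points, classify their stability, and find the parameter value at which a gradient-descent-tracked state jumps discontinuously to another equilibrium. Reading x as the system state and a, b, c, d as incident-impact parameters, the sample parameter values, and all function names are assumptions.

```python
# Scaled canonical butterfly potential (normal form from catastrophe theory):
#   V(x) = x^6/6 + a*x^4/4 + b*x^3/3 + c*x^2/2 + d*x
# Assumption: x is the ISMS state, a..d are incident-impact parameters.
def grad(x, a, b, c, d):
    """dV/dx; its zeros are the equilibrium points."""
    return x**5 + a * x**3 + b * x**2 + c * x + d

def curvature(x, a, b, c):
    """d2V/dx2; positive means a stable equilibrium (a potential well)."""
    return 5 * x**4 + 3 * a * x**2 + 2 * b * x + c

def equilibria(a, b, c, d, lo=-3.0, hi=3.0, n=1200):
    """Find zeros of dV/dx on [lo, hi]; return [(x, is_stable), ...]."""
    h, out = (hi - lo) / n, []
    x0, f0 = lo, grad(lo, a, b, c, d)
    for i in range(1, n + 1):
        x1 = lo + i * h
        f1 = grad(x1, a, b, c, d)
        if f0 != 0.0 and f0 * f1 <= 0:      # sign change: refine by bisection
            l, r = x0, x1
            for _ in range(60):
                m = 0.5 * (l + r)
                l, r = (l, m) if f0 * grad(m, a, b, c, d) <= 0 else (m, r)
            out.append((r, curvature(r, a, b, c) > 0))
        x0, f0 = x1, f1
    return out

def settle(x, a, b, c, d, lr=0.01, steps=20000, tol=1e-10):
    """Gradient descent on V: the state rolls into the nearest well."""
    for _ in range(steps):
        g = grad(x, a, b, c, d)
        if abs(g) < tol:
            break
        x -= lr * g
    return x

def first_jump(a, b, c, x_start, d_step=0.05, d_max=6.0, jump=1.0):
    """Raise d in small steps; return (d, x_before, x_after) at the first
    discontinuous change of state, or None if the state moves smoothly."""
    x = settle(x_start, a, b, c, 0.0)
    for k in range(1, round(d_max / d_step) + 1):
        x_new = settle(x, a, b, c, k * d_step)
        if abs(x_new - x) > jump:
            return k * d_step, x, x_new
        x = x_new
    return None

if __name__ == "__main__":  # constructed sample parameters
    print(equilibria(-5.0, 0.0, 4.0, 0.0), first_jump(-5.0, 0.0, 4.0, 2.0))
```

With the constructed parameters a = -5, b = 0, c = 4, the system has three stable states at d = 0; as d grows, the well the state occupies disappears at a fold and the state drops into a distant equilibrium.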
License
Copyright (c) 2024 Віталій Негоденко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.