Specification of Quality Indicators for Security Event and Incident Management in the Supply Chain

Authors

  • Igor V. Kotenko
  • Igor B. Parashchuk

DOI:

https://doi.org/10.47839/ijc.20.1.2088

Keywords:

cyber attacks, security event and incident management, decision support, quality indicator, Markov chain, difference stochastic equation

Abstract

The paper proposes an approach to a formalized description of the process of changing the values of quality indicators of decision support for managing security events and incidents in the supply chain. The approach is based on the analysis of the functioning processes of modern quality control systems for information security in supply chain. In addition, it is based on an analysis of decision support processes. We use controlled Markov chains, represented by difference stochastic equations. The considered version of the analytical description of the state change in dynamics allows one to formalize, structure, and mathematically describe the process of this class from a uniform perspective. It is important to note that with this representation of the dynamics of state transitions, the requirements for operativity (timeliness), reliability, secrecy and resource costs for supporting decision-making to control information security in the supply chain are taken into account.

References

A. Robinson, The Digital Supply Chain: The Landscape, Trends, Types and Application in Supply Chain Management, 2019, [Online]. Available at: https://cerasis.com/e-book-digital-supply-chain/

M. Alexander, P. Brody, J. Chadam, C. Cookson, J. Little, B. Meadows, Digital supply chain: It’s all about that data. 2016 EYGM Limited. EY’s Global Technology Sector. 2016, 16 p.

M. Moon, “Digital supply chains for English language learning”, Journal of Digital Asset Management, no. 4, pp. 2-4, 2008. https://doi.org/10.1057/dam.2008.8.

P. Farahani, C. Meier and J. Wilke, “Digital supply chain management agenda for the automotive supplier industry,” Shaping the Digital Enterprise. Springer. pp. 157-173, 2017. https://doi.org/10.1007/978-3-319-40967-2_8.

Industry 4.0: Global Digital Operations Study 2018, 2018. https://doi.org/10.1016/S1365-6937(18)30176-X.

Logistics Trend Radar 2018/19: Delivering Insights Today, Creating Value Tomorrow, 2018, [Online]. Available at: https://www.logistics.dhl/globalen/home/insights-and-innovation/insights/logistics-trendradar.html

Supply Chain 4.0 – the next-generation digital supply chain, 2019, [Online]. Available at: https://www.mckinsey.com/business-functions/operations/our-insights/supply-chain-40-the-next-generation-digital-supply-chain

V. Desnitsky, D. Levshun, A. Chechulin, I. Kotenko, “Design technique for secure embedded devices: Application for creation of integrated cyber-physical security system,” Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, vol. 7(2), pp. 60-80, 2016.

Y. Sun, “Research on security issues and protection strategy of computer network,” The Open Automation and Control Systems Journal, no. 7, pp. 2097-2101, 2015. https://doi.org/10.2174/1874444301507012097.

P.L. Dordal, An Introduction to Computer Networks, Release 1.9.0, 2017, 745 p.

J.M. Kizza, Guide to Computer Network Security, 3rd Edition. Springer, New York, 2015, 545 p. https://doi.org/10.1007/978-1-4471-6654-2_1.

S. Watts, “Low-intensity computer network attack and self-defense,” International Law Studies, vol. 87. pp. 59-87, 2011.

S. Eckmann, G. Vigna, R. Kemmerer, “STATL: An attack language for state-based intrusion detection,” Journal of Computer Security, vol. 10(1/2), pp. 71-104, 2002. https://doi.org/10.3233/JCS-2002-101-204.

M. O’Leary, Cyber Operations: Building, Defending, and Attacking Modern Computer Networks, Apress, New-York, 2019, 1151 p. https://doi.org/10.1007/978-1-4842-4294-0.

A. Salmon, W. Levesque, M. McLafferty, Applied Network Security: Proven Tactics to Detect and Defend Against all Kinds of Network Attack, Packt Publishing, Birmingham, 2017, 336 p.

I. Kotenko, A. Chechulin, “Computer attack modeling and security evaluation based on attack graphs”, Proceedings of the 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS’2013), Berlin, 12-14 September 2013, pp. 614-619. https://doi.org/10.1109/IDAACS.2013.6662998.

I.V. Kotenko, I.B. Parashchuk, “An approach to modeling the decision support process of the security event and incident management based on Markov chains,” Proceedings of the 9th IFAC/IFIP/IFORS/IISE/INFORMS Conference “Manufacturing Modelling, Management and Control” (MIM 2019). 28-30 August 2019, Berlin, Germany. IFAC-PapersOnLine. 2020.

T. Gh. Dobre, J. G. Sanchez Marcano, Chemical Engineering: Modelling, Simulation and Similitude, Wiley-VCH, Weinheim, 2007, 568 p. https://doi.org/10.1002/9783527611096.

A. Quarteroni, “Mathematical models in science and engineering,” Notices of the AMS, vol. 56, no. 1, pp. 9-19, 2009.

M. Stamp, Information Security Principles and Practice, San Jose State University, San Jose, 2005, 381 p.

M.S. Merkow, J. Breithaupt, Information Security: Principles and Practices, second ed., Indianapolis, 2014, 341 p.

I.A. Shuvalov, E.A. Semenchin, “Mathematical model of impact of threats on information system of processing of personal information,” Fundamental Research, no. 10, pp. 529-533, 2013.

A.I. Pereguda, D.A. Timashov, “Mathematical model of reliability of security information systems”, Information, no. 8, pp.10-17, 2009.

P.Y. Ryan, “Mathematical models of computer security,” in: R. Focardi and R. Gorrieri (Eds.): FOSAD 2000, LNCS 2171, 2001, pp. 1-62.

Security Trends & Vulnerabilities Review Corporate Information Systems, 2017, [Online]. Available at: https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Corp-Vulne-rabilities-2017-eng.pdf.

A.V. Zadorskii, N.P. Romashkina, Information Security. Threats during Crisis and Conflicts of the XXI century, IMEMO, Moscow, 2016, 133 p. https://doi.org/10.20542/978-5-9535-0461-4.

V. Pham, C. Cid, Are we compromised? Modelling security assessment games. in: Decision and Game Theory for Security, Springer, 2012, pp. 234-247. https://doi.org/10.1007/978-3-642-34266-0_14.

C. Scheau, A. Arsene, G. Dinca, “Phishing and e-commerce: an information security management problem,” Journal of Defence Resources Management, vol. 7, No. 1(12), pр. 129-140, 2016.

L.J. La Padula, Secure Computer Systems: A Mathematical Model. in: MTR-2547, vol. 1, The MITRE Corporation, Bedford: Massachusetts, 1993, 33 p.

D.J. Higham, “An algorithmic introduction to numerical simulation of stochastic differential equations,” SIAM Review, vol. 43(3), pp. 525-546, 2001. https://doi.org/10.1137/S0036144500378302.

S. M. Iacus, Simulation and Inference for Stochastic Differential Equations, with R Examples, Springer Verlag, 2008, 214 p. https://doi.org/10.1007/978-0-387-75839-8.

S.N. Ethier, T.G. Kurtz, Markov processes, in: Wiley Series in Probability and Mathematical Statistics: Probability and Mathematical Statistics, John Wiley & Sons Inc., New York, 1986, pp. 214-234. https://doi.org/10.1002/9780470316658.

D. Bini, G. Latouche and B. Meini, Numerical Methods for Structured Markov Chains, in: Oxford University Press, New York, 2005, 215 p. https://doi.org/10.1093/acprof:oso/9780198527688.001.0001.

M. Rashidi, M. Ghodrat, B. Samali and M. Mohammadi, “Decision Support Systems, Management of Information Systems”, IntechOpen, 2018. https://doi.org/10.5772/intechopen.79390.

S.V. Belim, N.F. Bogachenko, Y.S. Rakitskiy, A.N. Kabanov, “Using the decision support algorithms combining different security policies,” Cryptography and Security, Cornell University, 2018, [Online]. Available at: https://arxiv.org/abs/1812.08030v1.

J.P. Shim, M. Warkentin, J.F. Courtney, D.J. R. Power, R. Sharda and C. Carlsson, “Past, present, and future of decision support technology,” Decision Support Systems, vol. 33(2), pp. 111-126, 2002. https://doi.org/10.1016/S0167-9236(01)00139-7.

S.N. Medvedev, K.A. Aksyonov, O.P. Aksyonova, “Application of a decision support system in an industrial enterprise”, IOP Conf. Series: Materials Science and Engineering, 709, article ID 044026, pp. 1-5, 2020. https://doi.org/10.1088/1757-899X/709/4/044026.

I.V. Kotenko, I.B. Parashchuk, “Synthesis of controlled parameters of cyber-physical-social systems for monitoring of security incidents in conditions of uncertainty,” IOP Conf. Series: Journal of Physics: Conference Series (JPCS), vol. 1069, no. 012153, pp. 1-6, 2018. https://doi.org/10.1088/1742-6596/1069/1/012153.

Downloads

Published

2021-03-29

How to Cite

Kotenko, I. V., & Parashchuk, I. B. (2021). Specification of Quality Indicators for Security Event and Incident Management in the Supply Chain. International Journal of Computing, 20(1), 22-30. https://doi.org/10.47839/ijc.20.1.2088

Issue

2021, Volume 20, Issue 1

Section

Articles

License

International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
•    Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
•    Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
•    Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.