ECONOMIC ASPECT OF MODELING INFORMATION SECURITY SYSTEMS USING MATHEMATICAL OPTIMIZATION METHODS
DOI:
https://doi.org/10.28925/2663-4023.2026.32.1101Keywords:
information security, information risks, mathematical model, information threat, effectiveness of the information security systemAbstract
In the context of rapid digitalization, the protection of information assets is becoming a priority, since the growing intensity of cyber threats requires the development of effective mechanisms to minimize potential losses. The paper considers possible approaches to determining the effectiveness and economic feasibility of creating information protection systems. The main components of a company's security policy and the role of senior managers in the organization of cybersecurity are analyzed. As the problem of information risk management becomes increasingly critical, this necessitates the search for strategies aimed at optimizing costs and reducing economic losses from destructive cyber impacts. The article also considers the features of external malicious influences and analyzes the motivation of attackers. The previously proposed mathematical model of maximizing the effectiveness of information protection tools with restrictions on the amount of costs is used and their economic justification is provided. The use of mathematical modeling transforms the decision-making process in the field of cyber security from intuitive to evidence-based. This allows us to justify investments in the information security system as a factor in increasing profitability through loss prevention, as well as to solve the problem of choosing the optimal set of protection tools in conditions of resource shortage. The mathematical model in this context acts as an objective tool for verifying the effectiveness of the system for countering current threats. The paper also analyzes new trends in the development of information security systems.
Downloads
References
UcedaVelez, T., & Morana, M. M. (2015). Risk-centric threat modeling: Process for attack simulation and threat analysis. John Wiley & Sons.
British Standards Institution. (2008). Information technology—Security techniques—Information security risk management (BS ISO/IEC 27005:2008).
International Organization for Standardization. (2005). ISO/IEC 27001:2005: Information technology—Security techniques—Information security management systems—Requirements. http://www.jtc1sc27.din.de/en
International Organization for Standardization. (2007). ISO/IEC 27002:2007: Information technology—Security techniques—Code of practice for information security management. http://www.jtc1sc27.din.de/en
Ksonzhyk, I., Zhovta, N., & Pavlina, A. (2021). Cybersecurity risk insurance of business entities in the modern information space. Economy and Society, 34. https://doi.org/10.32782/2524-0072/2021-34-90
Karpovych, I., Hladka, O., & Palamarchuk, A. (2025). Application of mathematical optimization methods to improve the efficiency of information security systems. Cybersecurity: Education, Science, Technique, 4(28), 198–205. https://doi.org/10.28925/2663-4023.2025.28.778
Karpovych, I. M., Hladka, O. M., & Kalashnikov, V. I. (2022). Modeling of information security risk analysis processes as a way to optimize costs. Scientific Notes of Taurida National V. I. Vernadsky University. Series: Technical Sciences, 33(72), 93–99. https://doi.org/10.32782/2663-5941/2022.5/13
National Institute of Standards and Technology. (2012). Guide for conducting risk assessments (NIST Special Publication 800-30 Rev. 1). https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
Parenty, T. J., & Domet, J. J. (2019). The leader’s guide to cybersecurity: Why boards need to lead—and how to do it. Harvard Business Review Press.
Arkhypov, O. Ye. (2011). Application of economic-motivational relationships for assessing probabilistic parameters of information risks. Information Protection, 2, 5–11.
Gartner, Inc. (2016). Gartner says many organizations falsely equate IT security spending with maturity. https://www.gartner.com/en/newsroom/press-releases/2016-12-09-gartner-says-many-organizations-falsely-equate-it-security-spending-with-maturity
Henein, N. (2025). Cybersecurity and AI: Enabling security while managing risk. Gartner. https://www.gartner.com/en/cybersecurity/topics/cybersecurity-and-ai
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Олена Гладка, Іван Карпович, Андрій Паламарчук
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
