Assessment of the uneven use of information resources in the business process circuit

Abstract

An approach is proposed for assessing the uneven use of information resources in the organization’s business processes. Formal representations of the organization’s business processes and security systems are presented, reflecting both business operations carried out in a certain sequence and information resources that ensure the implementation of the relevant business operations, the place of information resources in the general outline of business processes is indicated. The circuits of the security system business processes of and the business processes of the main object of modeling are considered, including both business processes for managing security and business processes for ensuring security management. The assessment of the non-uniform use of information resources in a business process scheme is based on the consistent construction of an information resource incidence matrix for individual business operations, a frequency relationship matrix reflecting the sharing of information resources, and a matrix of derivatives in a discrete formulation. The proposed approach is demonstrated on a conditional example containing both the notional costs of information resources and weighting factors of the importance of business operations that reflect their criticality in the general contour of business processes. Estimates obtained as a result of applying the approach make it possible to group information resources, focusing on the frequency of their joint use in the business processes, which ultimately makes it possible to justify the choice of information resources for protection against threats from cyber intruders.