OPERATIONAL CHARACTERISTICS OF INFORMATION SYSTEM SECURITY THREATS RISK

The paper deals with widely used methods for effectiveness evolution and information systems security tools development. Their general disadvantage that consists in not giving the possibility to consider security threats as information system operational characteristic is revealed. Therefore, an adequate information system model can’t be created, including secure information system like system with failure and recovery parameters, characterized by threats appearing and elimination during system operation. Also it doesn’t make it possible to identify appropriate relationship (including time ones), between threats and their exploited aggregates and doesn’t give the possibility to introduce quantitative measures of the threats relevance and attacks effectiveness (like system operational characteristic). Consequently, it doesn’t make it possible to estimate the level of information system operational security and security tools effectiveness. The principles of operational security theory are suggested, base operational parameters and characteristics are introduced, a method for operational characteristics of information system estimation is proposed, operational characteristics of risks for information system security threats and loss risks are stated.