Simulation modeling of organization's infosecurity dependence on field of activity

Introduction. The solution to the problem of efficiency improvement of the infosecurity system at the enterprise through early recognition of the essential factors affecting the level of information safety is defined. The work objective is to develop a simulation model that represents the effect of various factors caused by indicators of prospects of the selected area of the organization activity on the data protection system performance effect. Materials and Methods. The simulation model is implemented using the system dynamics equipment in the form of the streaming graph. It is proposed to use generalized expert assessments of the activity prospects as source data. The model applies three system levels that determine system state variables: level of efficiency of the data protection system, organization's budget on information security tools, and the quality assessment of the potential infringers of cybersecurity. Besides, additional parameters and variables of the developed model are introduced: value of the information processed in the organization; estimated number of security incidents; current costs for the information security system; and continuous budget on the cybersecurity system. Research Results. Vensim package is selected as a simulation environment. The modeling outcome analysis has shown that characteristics of the activity field and quality of the information circulating in the information system of the organization directly determine the interest of potential intruders that leads to the need for careful budgeting and adjustment of costs for the information security system. Thus, the implementability of the developed model for the assessment of the information safety level of the enterprises which operate in any area is shown. However, the involvement of experts in order to form assessments of indicators of prospects for eligible activity sectors of a particular organization and to conduct an audit on its protection system is required. Discussion and Conclusions. Implementation of the developed model simulations under various entry conditions and entrance data allows for the definition of the dynamic patterns of IT security, and support for decision-making by security specialists when planning expenses on information security and changes in organization security policy.