Economic and mathematical models of information risk management in telecommunications
Authors: Sokolov R.V., Nikolaev M.O.
Journal: Известия Санкт-Петербургского государственного экономического университета
Section: Methodology and tools of management
Issue: 6 (102), 2016.
The paper describes principles of information risk management in conditional access systems (CAS). The purpose of the models is to justify the economical choice of options for an information system to counter attacks, where each option is in turn a set of measures to counter attacks. The criteria and constraints of the models use the probabilities of hacking and of customer service violation during a certain time interval, and the total average annual cost of ownership of the information security system. A set of principles for building the models is proposed. The specific principles are: adequacy of the model parameters to the features of information risk management in CAS; selection of a time interval such that the probability of more than one attack need not be accounted for; classification of attacks on the basis of uniformity, which allows a clear choice of how to counter different kinds of attacks; the one-time cost of a protective action; and its reuse to counter different kinds of attacks. Three models of constrained optimization and one of unconstrained optimization of the system of protection against information attacks are proposed; they are linear programming models with binary variables. The model of constrained optimization of the total average annual cost of ownership of the information risk management system imposes limits on the probability of risk events associated with hacking a CAS and on the probability of violation of customer service during the selected time interval. On the basis of this model, two inverse optimization problems are proposed in which the criteria and constraints are swapped. The unconstrained optimization model has no conditions for compliance with acceptable probabilities of risk events associated with hacking and violation of customer service. Instead of these conditions, the expected average annual costs arising from risk events are added to the objective function, which minimizes the average annual cost of ownership of the control system. The proposed models can be solved with a number of known mathematical software packages, such as MATLAB.
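The sketch below is an added illustration, not the authors' model or code: it shows one formulation consistent with the abstract (one option chosen per attack class, each measure paid for once even when reused, probabilities additive over an interval with at most one attack) and solves the constrained, inverse and unconstrained variants by exhaustive search instead of a binary linear programming solver. All names, the "one option per class" structure, and every number are constructed assumptions.

```python
from itertools import product

# Constructed sample data; every name and number here is an assumption.
MEASURE_COST = {"m1": 40.0, "m2": 25.0, "m3": 60.0}  # average annual cost of ownership
INTERVALS_PER_YEAR = 12
# attack class -> (P(attack in one interval), options);
# option = (measures used, P(hack | attack), P(service violation | attack))
ATTACKS = {
    "class_A": (0.05, [(set(), 0.9, 0.4), ({"m1"}, 0.3, 0.2), ({"m1", "m3"}, 0.05, 0.1)]),
    "class_B": (0.02, [(set(), 0.8, 0.5), ({"m2"}, 0.2, 0.1), ({"m1"}, 0.4, 0.3)]),
}

def evaluate(choice):
    """Return (annual cost, P(hack), P(violation)) for one option index per attack class."""
    measures, p_hack, p_viol = set(), 0.0, 0.0
    for (p_attack, options), k in zip(ATTACKS.values(), choice):
        used, q_hack, q_viol = options[k]
        measures |= used             # a measure reused by several options is paid once
        p_hack += p_attack * q_hack  # additive: at most one attack per interval
        p_viol += p_attack * q_viol
    return sum(MEASURE_COST[m] for m in measures), p_hack, p_viol

def solve(objective, feasible=lambda cost, ph, pv: True):
    """Exhaustive search over the binary choice 'exactly one option per attack class'."""
    space = product(*(range(len(opts)) for _, opts in ATTACKS.values()))
    ok = [c for c in space if feasible(*evaluate(c))]
    return min(ok, key=lambda c: objective(*evaluate(c))) if ok else None

def min_cost(max_hack, max_viol):
    """Constrained model: cheapest protection within both probability limits."""
    return solve(lambda cost, ph, pv: cost,
                 lambda cost, ph, pv: ph <= max_hack and pv <= max_viol)

def min_hack(budget, max_viol):
    """Inverse problem: lowest hacking probability within a cost budget."""
    return solve(lambda cost, ph, pv: ph,
                 lambda cost, ph, pv: cost <= budget and pv <= max_viol)

def min_total(loss_hack, loss_viol):
    """Unconstrained model: ownership cost plus expected annual losses."""
    return solve(lambda cost, ph, pv:
                 cost + INTERVALS_PER_YEAR * (ph * loss_hack + pv * loss_viol))

if __name__ == "__main__":
    print(min_cost(0.025, 0.02), min_hack(70.0, 0.02), min_total(500.0, 200.0))
```

With this sample data the constrained model picks the two options that share measure m1, because the shared measure is charged once, while the unconstrained model accepts a higher ownership cost to reduce expected losses.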
Keywords: economic and mathematical models, telecommunications, information risk management, conditional access systems, information risks, models of information security selection, information attacks, risk events
Short URL: https://sciup.org/14875767
IDR: 14875767