Scientific & Technical Literature Publishing House
Industrial Automatic Control Systems and Controllers

Annotation
Information Security Risk Management Model with an Increasing Amount of Damage
A.Yu. Ermakova

This article addresses the security of information systems and, in particular, the construction and study of an information security risk management model that takes into account the accumulation of damage from incidents. It is assumed that incidents leading to a violation of information security occur in the information system at random discrete moments: computer attacks, malfunctions, violations of operating rules, and the like. Every incident causes damage. The set of possible damage values for an incident is defined. The protection tools of the information system react to incidents, and their response can follow one of several scenarios. In one possible scenario, the damage from each successive incident is compared with the maximum allowable amount of damage. If the damage caused by the incident, regardless of other incidents, does not exceed the established limit, the system continues to work as usual. Otherwise, the security policy is adjusted, additional protective measures are introduced, and other similar steps are taken. In the second scenario, the damages from successive incidents are summed, and the sum is then compared with the maximum allowable amount of damage. If the total damage after the next incident does not exceed the maximum value, the information system continues to work in normal mode. Otherwise, as in the first scenario, it is concluded that the system is insufficiently protected and that the security policy needs to be adjusted, in particular by introducing additional protection measures. On the basis of the constructed models, a procedure for assessing the risk of an information security breach is proposed, and the probability distribution of the time of safe operation of the information system is found.
As an illustration of the proposed approach, experimental models are constructed for the number of unauthorized transactions on the accounts of legal entities and the number of unauthorized transactions using payment cards. These models are based on the analysis of real incidents and are built using previously developed forecasting methods in the form of a continuous approximating function.
Keywords: risk management model; information security incidents; property damage to information assets; information system security; predicting incidents.


DOI: 10.25791/asu.8.2021.1305

Pp. 48-55.
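
The two response scenarios described in the abstract can be compared numerically. The following is an added example, not code from the article: it assumes independent, identically distributed integer damages drawn from a constructed distribution, measures the time of safe operation in number of incidents, and uses hypothetical names (`DAMAGE`, `LIMIT`, `per_incident_pmf`, `cumulative_pmf`, `survival`).

```python
from fractions import Fraction

# Constructed damage distribution (assumption): damage value -> probability.
DAMAGE = {1: Fraction(1, 2), 2: Fraction(3, 10), 5: Fraction(3, 20), 12: Fraction(1, 20)}
LIMIT = 10  # maximum allowable damage (assumed, same units as the DAMAGE keys)


def per_incident_pmf(damage, limit, horizon):
    """Scenario 1: P(incident n is the first whose own damage exceeds the limit)."""
    p_exceed = sum(p for d, p in damage.items() if d > limit)
    return [(1 - p_exceed) ** (n - 1) * p_exceed for n in range(1, horizon + 1)]


def cumulative_pmf(damage, limit, horizon):
    """Scenario 2: P(the running total of damage first exceeds the limit at incident n)."""
    safe = {0: Fraction(1)}  # total damage so far -> probability, still within the limit
    pmf = []
    for _ in range(horizon):
        nxt, breach = {}, Fraction(0)
        for total, p_total in safe.items():
            for d, p_d in damage.items():
                if total + d > limit:
                    breach += p_total * p_d
                else:
                    nxt[total + d] = nxt.get(total + d, Fraction(0)) + p_total * p_d
        pmf.append(breach)
        safe = nxt
    return pmf


def survival(pmf):
    """P(system is still in normal mode after n incidents), for n = 1..len(pmf)."""
    out, alive = [], Fraction(1)
    for p in pmf:
        alive -= p
        out.append(alive)
    return out


if __name__ == "__main__":
    s1 = survival(per_incident_pmf(DAMAGE, LIMIT, 12))
    s2 = survival(cumulative_pmf(DAMAGE, LIMIT, 12))
    for n, (a, b) in enumerate(zip(s1, s2), start=1):
        print(f"n={n:2d}  per-incident={float(a):.4f}  cumulative={float(b):.4f}")
```

With these constructed values the per-incident scenario has a geometric safe-operation time, while the cumulative scenario is certain to trigger a policy adjustment by the eleventh incident because every incident adds at least one unit of damage.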

© Publishing House "NAUCHTEKHLITIZDAT", 2005-2024