Information Security Resource Management Strategy to Maximize the Financial Profit of the Company

Abstract

The article considers the problem of choosing a financial resource management strategy in order to ensure an effective information security system in a commercial organization. The effectiveness of the information security system implies the stable operation of the company's information assets and, consequently, maximization of the total profit generated by the company as a whole. The total profit of the organization directly depends on the stable operation of information systems, which in turn is ensured by the implementation of information security tools and, accordingly, depends on the schedule of implementation of these tools in groups of information assets. The mathematical model of the problem is reduced to a discrete optimization problem - a modified assignment problem. Algorithms and methods for solving the classical assignment problem are not applicable to it. As a rule, they are used after the end of assignments (here, the "implementation period"), when the weight matrix for the assignment problem becomes completely known. Their application allows us to evaluate the heuristic strategy used (the option of the selected sequence of ensuring the protection of information assets) by comparing the values of the objective functions. When solving the problem, nontrivial transformations of both the weight matrix and the objective function of the original mathematical model are made to obtain an estimate. The considered problem and the proposed mathematical model can be input information when implementing a decision support system in the field of corporate security. Software has been written that widely varies the initial data, which allows for the virtual application and evaluation of various heuristic strategies. Modeling of the situation has shown that in practice it is acceptable to use a greedy strategy as a heuristic.