DEVELOPMENT OF A SUPPORT SYSTEM FOR MANAGING THE CYBER SECURITY

Context. In this paper the urgent problem of developing software for decision support systems in information security is solved. The approach is based on choosing rational options of response to events, taking into account operational data on the state of the object being protected. Objective. The goal of the research is to develop a model for counteracting cyber threats using a decision support system that chooses rational variants of reaction to cybersecurity events and takes current operational data into account. Method. A system for the operational management of the cyber security of an information object and a model for forming rational sets of protection methods, based on a morphological approach, are developed. It is proposed to find the optimal variant of the sets for the information security perimeters using an objective function that maximizes the ratio of the consolidated "information security" indicator to the consolidated "costs" indicator. Results. A model for the operational management of the cyber security of critical computer systems was developed. This model makes it possible to generate different variants of protection sets that are compatible with a computer system, taking into account the morphological matrices prepared for each security perimeter by the intelligent decision support system. It is proved that the use of the developed decision support systems can significantly reduce the costs planned for the complex of cyber defense means, as well as reduce the time needed to inform decision-makers on how to counter the identified information security incidents. Conclusions. The scientific novelty of the research is that a model for the operational management of the cyber security of an information object and for the formation of a rational complex of security features based on a morphological approach is offered for the first time.
The practical value of the developed methods and instruments is that they make it possible: to reduce the development time of cyber security systems; to increase the efficiency of planning a rational modular composition of security features by creating an information and software environment at the design stage; to increase validity of the made decisions on operational and to organizational

INTRODUCTION
It is impossible to imagine the current state and prospects of further ICS development in different fields of human activity without increased attention to IS and CS issues, particularly because of the increasing number of CA and their destructive influence on IO. The rapid increase in IS incidents has shown that existing ISS, which are built on the basis of known threats and emerging attacks, are not always effective against new CA created against widespread enterprise information systems and ACS in electronics, industry, transport, the banking system, etc.
The goal of the research is to develop a model for counteracting cyber threats using DSS that chooses rational variants of reaction to CS events and takes current operational IO data into account.

PROBLEM STATEMENT
Suppose that, in the process of organizational and technical cyber security management of the CIIO, the stage of planning rational sets of protection methods (information protection means) is considered as a process of sequential removal of uncertainty about the structure and composition of the ISS. Thus, the planning of rational, compatible software and hardware sets of IPM is a consideration of alternatives AL: . Then the decision selection by the IDSS is regarded as forming a subset of the best options, $SC' \subseteq SC$. In the study, the problem of comparing sets of IPM options is examined using sets of morphological matrices in terms of "information security" in the perimeter of the ISS CIIO and "costs" for l functional subsystem ISS, which operate in conditions of uncertainty, inconsistency and lack of knowledge about the state of the protected object.

REVIEW OF THE LITERATURE
The increasing number of IS and CS threats has given rise to a surge of research on the development of systems for detecting and preventing CA [1-4], as well as DSS [5,6] and ES [7-9] in this field. An analysis of publications [10,11] reveals the increasing popularity of automated methods of ISS risk assessment [12] and of software packages for IS and CS risk management [13]. It was mentioned in works [14,15] that ISMS in which intelligent technologies for cyberthreat identification and for reacting to IS breaches are implemented are products of private companies, and that a customer in general does not have any information about the methods and models by which the controlling actions are formed in these systems [16]. It is shown in works [17-20] that it is appropriate to equip existing DSS and ES in the field of IS (excluding tasks of cyber security management) with functional models that increase the efficiency of enumeration and investigation of crimes of illegitimate interference in the work of ICS.
Thus, according to the discussions in publications [5,6,8,10,16,17] dedicated to the potential of using integrated DSS or ES in ISMS, the task of developing methods and models for their practical use in intelligent support of planning a rational ISS structure, and the task of assessing and predicting IS and CS risks, have become relevant.

MATERIALS AND METHODS
There is one main problem in creating the CONTS: development of the threat model [7,15,21], which is connected to the specification of the interaction of the management object (ISS IO) with the environment. The IDSS, which implements a method for building the threat model, is based on a classified scheme of goal-oriented destructive influences on the IS and CS of the IO [22-24]. A generalized architecture of ISMS and CS is offered according to the results of the analysis of control strategies in conditions of uncertainty [4,15,24].
The level of safety (LS) is used as the controlled variable. The LS value depends on the maximum level of information urgency, which is updated according to recent changes in the ICS. The models [4,15] consist of five perimeters for a decentralized architecture of the IO (Fig. 1).
Mechanisms of IPR control are created in the circuit of organizational-technical control, which governs changes in business applications, DA processing plans, infrastructure, and all the corresponding requirements for the information safety level. The circuit contains the IDSS for choosing a security strategy and a system of safety level assessment. The controlling influence in the circuit is exercised by the staff of the IS department. The task of choosing a rational ISMC structure for the IO is solved according to the following criteria [4,9,7,15]: minimum probability of the attacker achieving their goals; minimum IO losses should the attacker's goals be achieved; maximum probability of successful ISMC counteraction to the actions of an attacker; minimum value of the "cost-risk" integrated index [4,9].
A quantitative assessment of IO safety can be found the following way: The insider and external CA against the IO are given in the form of tuples: It is proven in works [4,10,12,20] that the only effective way to identify an attack is to analyze a combination of unusual events. That is why in IDSS, an attack spreading WCA possible ways, quantity is compared to a quantity of a b action is a attack is assessed with the indicators quantity which reacted against the attack spreading method. Crossing ) ( τ i а p determines an indicators set. We get the following expression: In conditions when the status of the information environment is unknown, the threat counteraction model is enabled in the IDSS, which makes it possible to choose the controlling influence that best corresponds to the status of the management object. The process of choosing an optimal variant of reaction to safety events is given in the form of a tuple: Safety events [4,6,9]. The evaluation of the advantages of the alternatives with a damage assessment model takes into account that the choice of IS event reaction variants is made under conditions of a potential CA, with the following outcomes of attack realization: no harm, losses for a certain user, losses for a group of users, losses for the whole ICS.
Define a function with which we choose an optimal reaction variant: The probability $p_{ij}$ of obtaining each j-th result when choosing each i-th reaction variant is determined the following way: ( ) CA rat P RO is determined this way: An IS OM intelligent support subsystem contains: a fuzzy inference mechanism for numeric evaluation of the CA probability; structured information about events in the knowledge database; threat recognition and counteraction models [4,5,9]; an algorithm for choosing an optimal variant of reaction to safety events [8].
During the organizational-technical management process, the stage of planning the composition of information security tools is considered as a process of gradual removal of uncertainty about the structure and composition of the information security tools in the information security system. The process of planning PL rational sets of MIP is described with the formula: With the help of the intelligent support system, the process of choosing the optimal variant of the MIP setup for the CS perimeters is considered as the formation of a subset of the best setup variants. The range of the setup variants is described as: For the choice of the optimal variant of CS tools the objective function OF is used: The set of data that makes it possible to compare setup variants includes two subsets: Using a morphological approach, the model of decision making regarding the choice of the optimal variant of CS tools is presented in the form of the sequence: The starting data for the synthesis of variants of CS tool sets: The choice of rational variants of information security tool setups is made on the basis of experts' knowledge in the field of CS. The process of forming a rational structure of information security tools is divided into five stages. The quality criteria for the "information security" indicator are divided into two groups: the indicators of the effectiveness of the operative methods of security and the indicators of functional fitness.
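
An added illustration of the selection step described above (not code from the paper or from DMSSCIS): one protection means is taken per perimeter from a morphological matrix, incompatible and over-budget sets are discarded, and the ratio of total "information security" to total "costs" is maximized. The five perimeters P1-P5, all scores, costs and incompatible pairs, the security floor and the exhaustive search are constructed assumptions.

```python
from itertools import product

# Constructed morphological matrix (not data from the paper): one row per
# security perimeter; each alternative is (name, security score, cost in $).
MATRIX = {
    "P1": [("P1-A", 60, 1000), ("P1-B", 90, 2500)],
    "P2": [("P2-A", 50, 800), ("P2-B", 80, 1500)],
    "P3": [("P3-A", 40, 500), ("P3-B", 70, 1200)],
    "P4": [("P4-A", 50, 700), ("P4-B", 90, 2000)],
    "P5": [("P5-A", 30, 300), ("P5-B", 60, 900)],
}
# Constructed pairs of protection means that cannot be deployed together.
INCOMPATIBLE = {frozenset(("P1-B", "P2-A")), frozenset(("P3-B", "P4-A"))}


def is_compatible(names, incompatible):
    """True when no incompatible pair is fully contained in the set."""
    chosen = set(names)
    return not any(pair <= chosen for pair in incompatible)


def rational_sets(matrix, incompatible, budget, min_security):
    """Enumerate one alternative per perimeter and keep the feasible sets,
    ordered by the security-to-cost ratio (highest first)."""
    feasible = []
    for combo in product(*matrix.values()):
        names = tuple(alt[0] for alt in combo)
        security = sum(alt[1] for alt in combo)
        cost = sum(alt[2] for alt in combo)
        if cost <= 0:
            raise ValueError("total cost must be positive to form the ratio")
        if cost > budget or security < min_security:
            continue  # violates the cost restriction or the security floor
        if not is_compatible(names, incompatible):
            continue  # contains means that do not work together
        feasible.append({"set": names, "security": security,
                         "cost": cost, "ratio": security / cost})
    return sorted(feasible, key=lambda s: s["ratio"], reverse=True)


def best_set(matrix, incompatible, budget, min_security):
    """Return the set maximizing security/cost, or None if none is feasible."""
    ranked = rational_sets(matrix, incompatible, budget, min_security)
    return ranked[0] if ranked else None


if __name__ == "__main__":
    for s in rational_sets(MATRIX, INCOMPATIBLE, budget=5500, min_security=300):
        print(s["set"], s["security"], s["cost"], round(s["ratio"], 4))
```

Without the security floor the ratio is maximized by the cheapest set, and without the compatibility filter a set that cannot actually be deployed ranks first on this sample matrix.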

EXPERIMENTS
The software package "Decision Support System of Management protection of information" (DMSSCIS) was developed to check the operability and practical applicability of the offered model of operational management of cyber security [4,15]. In the course of the experimental check of the SP, the reaction options ($RO_i$) of the decision support system to different classes of CA were studied for the current values of the probability of attack implementation $P_a$. Sets of information protection instruments $SC' \subseteq SC$ were also studied for the purpose of choosing a rational option. Restrictions were accepted on the cost of a set and on the minimum probability of the attacker successfully achieving all the goals of the CA for the selected set. DMSSCIS was also used in the modernization of existing information security systems in data centers of transport companies in Dnipro (2014) and several industrial enterprises in Kyiv.

p-ISSN 1607-3274, e-ISSN 2313-688X. Радіоелектроніка, інформатика, управління (Radio Electronics, Computer Science, Control). 2017. № 2

RESULTS
The method of selecting an efficient option for responding to security events was implemented in the "DMSSCIS" software. The results are shown in Table 1.
The research took into account the possibility of an attack that implements remote intrusion through the perimeter, the presence of internal and external users, and abusers that have high privileges and violate the safety of information. After efficient information security was formed with the help of the intelligent decision support system "DMSSCIS" in the enterprises that took part in the study, the predicted risk value was $P_a$ = 1.78-1.91%, which is on average 5.9-6.2 times less than the risk to the information security systems before.
The amount of expenditure by the organization on information security for critical nodes of information objects is on the order of 5200-5500 $. The likelihood of the offender achieving all their goals is $10^{-2}$. Increasing the appropriations for the organization of information security above a certain level (above 13,000 $) is inappropriate because it does not lead to a significant increase in the efficiency of information security.
The research showed that implementing the intelligent decision support system "DMSSCIS" increases the level of automation and centralized monitoring of the CS of a facility and reduces the time needed to inform those responsible for information security about incidents by 6.9-7.2 times.

DISCUSSION
The approach of building a comprehensive information security system for the information object makes it possible to reduce the cost of data protection by 32-35% compared to alternative methods [6-9, 12, 13]. A certain shortcoming of the intelligent decision support system "DMSSCIS" is that the initial study required the involvement of several independent experts to build membership functions of production and assembly rules. At the current stage of research, the fuzzy logic package Fuzzy Toolbox (Matlab) was employed for this purpose; it calculated the "information security" parameters of the MIP for each protection perimeter involved.
Overall, based on the studies, we can ascertain the effectiveness of the proposed models and software for information security management (of information systems and automated control systems) in the examined enterprises.

CONCLUSIONS
In this paper the urgent problem of developing software for decision support systems in the CS of an OI is solved.
The scientific novelty of the research is that a model for the operational management of the CS of an OI and for the formation of a rational complex of security features based on a morphological approach is offered for the first time. Unlike existing solutions, the model prepares, on the basis of intelligent decision support, a morphological matrix for each of the facility's information protection perimeters and can generate a set of options for protection means that take into account the compatibility of software and hardware. The choice of the optimal set of options for the information protection perimeters is made with an objective function that maximizes the ratio of the total "information security" indicator to the total "cost" indicator. It provides a set of protection means for a given class of certified security and satisfies the requirements on admissible costs for the implementation of CS.
The practical value of the developed methods and instruments is that they make it possible: to reduce the development time of CS systems; to increase the efficiency of planning a rational modular composition of security features by creating an information and software environment at the design stage; to increase the validity of the decisions made on operational and organizational-technical control of protection. By using the developed system of intelligent decision support, networks of enterprises using DMSSCIS reduced the projected cost of the planned protection system by up to 35 %. Further development of this work may consist in improving the interaction between the traditional information security mechanisms of the IO, which, in particular, work on the primary modules of the information system, and the intelligent decision support system "DMSSCIS".