n market today, uniting the narrow functional modules into a broader security coverage, lacks certain features that would make it an effective management tool.

.5 Mathematical model of IS

.5.1 General description of the ISS model

The author conducted the research [8] on the mathematical models of IS. The state of the information systems and information security systems was modelled as a semi-Markov process. Application of semi-Markov processes in development of the ISS was classified through the matrix of connections of elements. A conclusion was made about applicability of models, based on semi-Markov processes, in development and state description of the ISS for the increase of exactness of their efficiency estimation.of intense development and wide distribution of IT, the development of the ISS became important part of the information systems creation process. At the time of the research a problem of combating the newest threats (the so-called "zero-day attacks"). For the increase of the modelling efficiency in design of functioning and attack reactions of the information systems, the Semi-Markov processes can be applied.information security system (ISS) is a complex of legislative, organisational, technical and other measures and tools, providing the protection of important information from threats and loss channels in accordance with the stated requirements.has a special purpose which at formalised level acquires multidimensional character. The multidimensional (integral) task of information security requires the implementation of the system approach including the modelling of defence processes based on scientific methods.specific features of the solution for such a task are the following.

1.Presence of multiple criterions, related to the necessity of account of large number of individual indexes (requirements);

2.Incompleteness and vagueness of initial information;

.Impossibility to apply the classic optimization methods;

.Necessity of obtaining both qualitative and quantitative indexes of the information security system efficiency.system approach to information security is a way of thinking and analysis, in obedience to which the security system is examined as an aggregate of associate elements, having a common goal - to provide the information security. In case of purposeful interconnection of elements, ISS acquires specific properties, initially inherent to none of its components. Thus those properties of elements, which determine the degree of their co-operation and influence the system as a whole, have a primary value.a methodical point of view, determination of ISS efficiency consists in measuring the proper indexes and producing judgement about the accordance of certain methods and tools of defence to the set requirements and the purpose of ISS., the process of ISS creation is implied by establishing hard logical and functional connections between the heterogeneous security elements. Thus, the importance of properties of separate ISS elements decreases, and general system tasks are pulled out on the first plan. As practice shows, it is the quality of stated connections determines the efficiency of the security system as a whole.increase the ISS efficiency, it is possible to use the system approach to IS offered by V.V. Domariev in [2]. The approach determines the interconnections between concepts, definitions, principles, methods and mechanisms of security. The system approach is applicable not only in ISS development, but also on all the stages of the information systems life cycle. Thus all the tools, methods and measures, being in use for maintaining security are united into a single mechanism.of IS, used in the system approach is separated on three groups of elements: bases (what consists of), directions (what is intended for), stages (how works). The relations between the components are presented as a matrix of knowledge (presented in fig. 1.6), where the contents of every element describes the interconnection of constituents.

Fig. 1.6. The numeration of elements in the Matrix of knowledge

1.5.2 Semi-Markov process definition

The work [14] is devoted to the mathematical description of semi-Markov process. A semi-Markov process is a Markovian process with random transition intervals, thus being Markovian only at the transition instants. Describing a semi-Markov process with N states, it is needed to specify N2 transition probabilities pij determining the transition to state j, if the present state is i, satisfying the conditions (1.1).

i = 1,2,...,N; pij ≥ 0, 1 ≤ i, j ≤ N.(1.1)

time interval between the transitions is determined by random variable τij, governed by a corresponding set of N2 holding-time density functions (1.2).

(), 1 ≤ i, j ≤ N.(1.2)

Thus, it is convenient to define a semi-Markov process by transition probability and holding-time density functions matrices of size NN, respectively P={pij} and H()={hij()}.a process enters a state, the next state and holding time are determined by transition probabilities and holding-time density functions. After holding in state i for the time τij, the process makes the transition to state j and repeats the whole procedure.

Let the current state be ξ(t). Taking into account that the modelling is applied to ISS, transitions of the system to the same state would not be considered (pii=0). The chart of a semi-Markov process is presented in fig. 1.7, a.ccW(t)={ccwi(t)} be the diagonal matrix of probabilities that the system will not leave the state i until after time t.matrix flow graph representing semi-Markovian transitions is presented on fig. 1.7, b.

b. 1.7. Semi-Markov process chart and its matrix flow graph

, semi-Markov process is described by the interval-transition probability matrix (1.3).

Φe(s)=[I-P□He(s)]-1 ccWe(s),(1.3)

where I - unit matrix, □ - element by element matrix multiplication, e(s) - the exponential (Laplace) transform matrix (1.4).

(1.4)

1.5.3 ISS state as a semi-Markov process

The state of an information system as well as an ISS can be described as a continuous-time semi-Markov process that has an arbitrary transition probability matrix and all holding times given by an exponential distribution (1.5).

(t) = λe-λt, 1 ≤ i, j ≤ N.(1.5)

Then the interval-transition probability matrix will be described by the formula (1.6).

(1.6)

the state graph will have either of the two forms shown in fig. 1.8.

b. 1.8. Matrix flow graphs of the continuous time semi-Markov process

The foregoing description of the information system state can be accepted as a basis of its generalised functioning model. The basic purpose of generalised models consists in creating the pre-conditions for the objective estimation of the general information system state from the view of either vulnerability measure or information protection level. A necessity for such estimations usually arises at the analysis of general situation with the purpose of making strategic decisions during organisation of information security. The general models of the systems and information security processes are ones that allow to determine (to estimate) the general characteristics of the considered systems and processes, unlike local and private models, which provide determination (estimation) of some local or private descriptions of systems or processes.short list and descriptions of models, in which the Semi-Markov processes can be applied, is presented below.model of information security process. This model, in the most general view and for the most general object being protected, must display the information security process as a process of co-operation of random destabilising factors, affecting information, and information security tools that hinder the action of these factors. The result of co-operation will be a certain level of information security;model of the ISS. Being further development of general information security process model, the generalised model of the ISS must display the basic procedures, carried out inside this system with the purpose of rationalisation of information security processes. These processes in the most general view can be presented as distribution and use of information security resources as reactions on random changes in influence of destabilising factors;of general estimation of information threats. The basic purpose of this model is estimating not simply the information threats, but also those losses which can take place as results of different threats. The models of this direction are also important because exactly in them those conditions, at which estimations can be adequate to the real information security processes, are exposed in the most degree;of analysis of the systems that differentiate access to the information system resources. The models of this class are intended to support the decision of tasks of analysis and synthesis of the systems (mechanisms) that differentiate access to the different types of information system resources and foremost to the data arrays. The separation of these models into an independent class of general models is supported by the fact that that the mechanisms of access differentiation belong to the most substantial components of the ISS, and the general efficiency of information security in information system depends no the efficiency of access differentiation to a great extent. In these models the Semi-Markov process can illustrate the access to the information with the different degree of secrecy, where the states will be authentications on