Probabilistic Analysis of an Impact of Information Security on

Standard Process Performance in a Life Cycle of Systems

Andrey Kostogryzov

Federal Research Center “Computer Science and Control” of the Russian Academy of Sciences, Moscow, Russia

Keywords: Analysis, Information Security, Management, Model, Process, Risk.

Abstract: A methodological approach is proposed that allows to analyse an impact of information security on the

performance of standard agreement processes, organizational project-enabling processes, technical

management processes and technical processes according to ISO/IEC/IEEE 15288. Using the proposed

probabilistic approach to risks prediction in a life cycle of systems helps to identify "bottlenecks" and define

measures and actions for reducing risks when performing standard processes, considering threats to system

information security. The usability of the approach is illustrated by examples.

1 INTRODUCTION

In conditions of multiple uncertainties for system life

cycle, various risks arise, including risks connected

with the violation of information security

requirements. Despite a lot of researches devoted to

risk management (Akimov, 2015, Artemyev, 2017,

Kostogryzov, 2008-2020), the problems associated

with the analysis of an impact of system information

security on standard system processes performance in

terms of predicted risks continue to be poorly studied.

For this reason, the topic of research related to the

probabilistic analysis of such impacts continues to be

acutely relevant. At the same time, standard system

processes according to ISO/IEC/IEEE 15288

"System and software engineering. Systems life cycle

processes" cover the agreement processes (i.e.

acquisition and supply processes), organizational

project-enabling processes (i.e. life cycle model

management, infrastructure management, portfolio

management process, human resource management,

quality management and knowledge management

processes), technical management processes (i.e.

project planning, project assessment and control,

decision management process, risk management,

configuration management, information

management, measurement and quality assurance

processes) and technical processes (i.e. business or

mission analysis, stakeholder needs and requirements

https://orcid.org/0000-0002-0254-5202

definition, system requirements definition,

architecture definition, design definition, system

analysis implementation, integration, verification,

transition, validation, operation, maintenance and

disposal processes). In general, these processes

characterize the complete set of standard processes in

system life cycle.

In this paper an universal methodological

approach that allows to perform a probabilistic

analysis of an impact of information security on

performance of all above standard processes is

proposed.

2 GENERAL PROPOSITIONS

The focus on standard processes is justified by the

fact that on the one hand, the life cycle of any

complex system is woven from a variety of standard

processes deployed in time, and on the other hand, for

each of these processes, ISO/IEC / IEEE 15288

defines its possible purposes, outcomes and typical

actions.

For example the main purpose of the decision

management process is to provide a structured,

analytical framework for objectively identifying,

characterizing and valuating a set of alternatives for a

decision at any point in the life cycle and select the

most beneficial course of action. And as typical

Kostogryzov, A.

Probabilistic Analysis of an Impact of Information Security on Standard Process Performance in a Life Cycle of Systems.

DOI: 10.5220/0010619300003170

In Proceedings of the International Scientiﬁc and Practical Conference on Computer and Information Security (INFSEC 2021), pages 101-109

ISBN: 978-989-758-531-9; ISSN: 2184-9862

101

results of the successful performance of this process

are next outcomes: decisions requiring alternative

analysis are identified; alternative courses of actions

are identified and evaluated; a preferred course of

actions is selected; the resolution, decision rationale

and assumptions are recorded.

To obtain the identical results for every standard

process, one or more typical actions should be

performed using some assets for which information

security must be provided. It means the standard

processes are identical from the point of view of an

impact of information security on processes

performance.

In a life cycle of any system, both the reliable

performance of each of the standard processes used

and system information security, associated with this

process must be ensured. The term “reliability of

standard process performance” is defined as an ability

of this process to perform its necessary actions under

stated conditions for a specified period of time. The

reliability of standard process performance is

expressed in maintenance the values of corresponding

measures within the established limits during given

time.

To predict the risks for each of the standard

processes for a given prognostic time 𝑇

it is proposed

to use the following quantitative probabilistic

measures:

 𝑅



𝑇

 probability of failure to reliable

perform the necessary actions of the standard

process without consideration of threats to

system information security;

 𝑅



𝑇

 probability of violating information

security requirements;

 𝑅



𝑇

 integral probability of failure to

reliable perform standard process considering

system information security.

Corresponding risks are characterized by these

probabilistic measures against possible damage.

Note. According to ISO Guide 73 risk is defined

as effect of uncertainty on objectives considering

consequences. An effect is a deviation from the

expected — positive and/or negative.

3 THE PROPOSED APPROACH

There may be two cases for estimation the

probabilistic measure 𝑹

𝐫𝐞𝐥

𝑻

: the case of observed

repeatability and the case of assumed repeatability of

random events influencing reliability of the standard

process performance without consideration of threats

to system information security. For estimation the

probabilistic measure 𝑹

𝐬𝐞𝐜

𝑻

 repeatability of

threats activation is assumed. For estimation the

integral probabilistic measure 𝑹

𝐢𝐧𝐭

𝑻

 and

probabilistic analysis of an impact of information

security on standard process performance the

assumption of an independence of events connected

with reliability of standard process performance and

system information security is used.

3.1 The Case of the Observed

Repeatability

The inputs for calculations use statistical data

according to observed repeatability. For standard

process the quality of process performance results and

expected obtaining them in time are required. Failure

to perform the necessary actions of the process is a

threat of possible damage. From the point of view of

the composition of actions and/or the severity of

possible damage, all varieties of the standard process

can be divided into K groups, K ≥ 1 (if necessary).

Based on the use of statistical data, the probability of

failure to perform the actions of the process for the k-

th group for a given time is proposed to be calculated

by the formula

𝑅

 

𝑇



𝐺

 

𝑇

𝒌

/𝐺



𝑇

𝒌

, (1)

where 𝐺

failure 

𝑇

𝒌

 , 𝐺



𝑇

𝒌

- are accordingly, the

number of cases of failures when performing the

necessary actions of the process and the total number

of necessary actions from the k-th group to be

performed in a given time 𝑇

𝒌

The probability 𝑅



𝑇

 of failure to reliable

perform the necessary actions of standard process

without consideration of threats to system

information security is proposed to be estimated for

the option when only those cases are taken into

account for which the actions were not performed

properly (they are the real cause of the damage)

𝑅



𝑇

1𝑊



1 

𝑅

 

𝑇



 𝐼







𝑊













(2)

where 𝑇 is the specified total time for a process

performance for the entire set of actions from

different groups, including all particular values 𝑇



taking into account their overlaps;

𝑊



 is the number of actions taken into account

from the k-th group for multiple performances of the

process.

For the k-th group, the requirement to perform the

process actions using the indicator function

𝐼







taken into account

𝐼







1, if condition α

is peformed,

0, if condition α

isn



t peformed.

INFSEC 2021 - International Scientiﬁc and Practical Conference on Computer and Information Security

102

The condition α used in the indicator function is

formed by analysis of different specific conditions,

proper to the process. It allows to take into account

the consequences associated with the failure to

perform the necessary actions of the process – see (1),

(2). Condition α



means a set of conditions for all

process actions, subject to quality and time

constraints within the given time 𝑇

𝒌

for performing

the necessary actions from the k-th group.

3.2 The Case of the Assumed

Repeatability

For the case of the assumed repeatability the

probabilistic modeling approach is proposed. The

next interconnected ideas 1-7 are used.

Idea 1 is concerning the usual concept and

properties of probability distribution function (PDF)

(see for example Kostogryzov, 2020) for a continuous

random variable of time. PDF for a time variable τ is

nondecreasing function P(t) whose value for a given

point t≥0 can be interpreted as a probability that the

value of the random variable τ is less or equal to the

time value t, i.e. P(t)=P(τ≤t). Additionally P(t)=0 for

t<0, and P(t)→1 for t→∞. In general case the

solutions for modeling problems in decision-making

are based on using concept of the probabilities of

"success" and/or "unsuccess" (risk of "failure"

considering consequences) during the given

prognostic time period treq.. This probability is a

value for a point treq. and is defined by created PDF

in modeling.

Idea 2. An interested system or process modelled

are in general case a complex system and may be a

subsystem or element of comprehensive complex

system. It means the used integrated PDF of time

between losses of system integrity can’t be banal

exponential PDF. It must consider complexity in

modeling any process, predict of “success” or

“failure” on time line and allow to define zone

focused on limitations to admissible risks – see Figure

1 (fragment of exponential and an adequate PDF of

time between losses of system integrity with identical

frequency of system integrity losses is illustrated in

conditional units).

Figure 1: Example when all requirements to admissible risk

are met for an adequate PDF of time between losses of

system integrity.

Note. Integrity of system or process modelled is

defined as such state when purposes (of system or

process) are achieved with the required quality and in

time.

Idea 3. The proposed approach for modeling

should allow a generation of probabilistic models for

prediction of “success” or “failure” in uncertainty

conditions. In general case an input for generated

models should consider system complexity,

periodical diagnostics, monitoring between

diagnostics, recovery of the lost integrity for every

element of system or processes modelled. As an

output of such generated models adequate PDF of

time τ between losses of integrity should be produced

in analytical form

Idea 4. Input for probabilistic modeling can be

formed from gathered real data or from hypothetical

data.

For the approach implementation the next

probabilistic models are proposed.

3.2.1 “Black box” Formalization

The models below implemented ideas 1 – 3(see for

example Akimov, 2015, Artemyev, 2017,

Kostogryzov, 2008-2020).

As modelled system are considered:

 “Black box” with virtual random events

influencing reliability of the standard process

performance without consideration of threats to

system information security – for estimating

𝑅



𝑇

;

 “Black box” with virtual random events

influencing system information security before

or during the standard process performance

(with threats activation) – for estimating

𝑅



𝑇

.

In general case successful modelled system

operation is connected with counteraction against

various dangerous influences on process performance

integrity - these may be counteractions against

Probabilistic Analysis of an Impact of Information Security on Standard Process Performance in a Life Cycle of Systems

103

failures, defects events, “human factors” or computer

viruses events on time line, etc.

To analyse an impact of information security on

the performance of standard processes there are

proposed the formalization for the general technology

used in process performance. The technology is based

on periodical diagnostics of modelled system

integrity, that is carried out to detect danger sources

penetration into a modelled system or consequences

of negative influences (see Figure 2). The lost

modelled system integrity can be detect only as a

result of diagnostics, after which the system recovery

is started. Dangerous influence on modelled system

is acted step-by step: at first a danger source

penetrates into the system and then after its activation

begins to influence. The system integrity can’t be lost

before penetrated danger source is activated. A

danger is considered to be realized only after a danger

source has influenced on the modelled system.

Figure 2: Some accident events in modelled system.

(left – correct operation, right – a lose of integrity

during prognostic period T

req

)

There are recommended some “Black box”

models for which probabilistic space (



, B, P) is

created (see for example Kostogryzov, 2008, 2012,

2020 etc.), where:



- is a limited space of elementary

events; B – a class of all subspace of



-space,

satisfied to the properties of



-algebra; P – is a

probability measure on a space of elementary events



. Because,





} is limited, there is enough to

establish a reflection





=P(



) like that p



and

1



It is supposed that used diagnostic tools allow to

provide necessary integrity recovery after revealing

danger sources penetration into modelled system or

the consequences of influences. Using the

probabilistic models (described in details in

Kostogryzov, 2008, 2012) the measures 𝑅



𝑇

 and

𝑅



𝑇

 can be estimated in terms “success” or

“failure” considering uncertainty conditions,

periodical diagnostics, monitoring between

diagnostics, recovery of the lost integrity for “Black

box”. There are the next input for probabilistic

modeling (Kostogryzov, 2008-2020):

 - frequency of the occurrences of potential

threats (or mean time between the moments of the

occurrences of potential threats which equals to

1/frequency);

 - mean activation time of threats;

betw

- time between the end of diagnostics and the

beginning of the next diagnostics;

diag

- diagnostics time;

recov

- recovery time

T - given prognostic period.

3.2.2 About Modeling for Complex System

For a complex systems with parallel or serial

structure there are proposed the next method to

generate adequate probabilistic models

(Kostogryzov, 2008-2020 etc.) This method uses the

usual way of probability theory for independent

random variables, it is described below.

Let's consider the elementary structure from two

independent parallel or series elements. Let’s PDF of

time between losses of i-th element integrity is В

(t)

=Р (τ

≤ t), then:

1) time between losses of integrity for modelled

system combined from series connected independent

elements is equal to a minimum from two times τ

failure of 1st or 2nd elements (i.e. the modelled

system goes into a state of lost integrity when either

1st, or 2nd element integrity is lost). For this case the

PDF of time between losses of modelled system

integrity is defined by expression

В(t) = Р[min (τ

,τ

)≤t] =1- Р[min (τ

,τ

)>t] =

= 1- Р(τ

>t)Р(τ

> t)= 1 – [1-В

(t)] [1- В

(t)], (3)

2) time between losses of integrity for modelled

system combined from parallel connected

independent elements (hot reservation) is equal to a

maximum from two times τ

: failure of 1st and 2nd

elements (i.e. the modelled system goes into a state of

lost integrity when both 1st and 2nd elements have

lost integrity). For this case the PDF of time between

losses of modelled system integrity is defined by

expression

В(t)=Р[max(τ

,τ

)≤t]=Р(τ

≤t)Р(τ

≤t)=В

(t)В

(t)

(4)

Applying recurrently expressions (3) – (4), it is

possible to build PDF of time between losses of

integrity for any complex system with parallel and/or

series structure and theirs combinations.

Using these probabilistic models and methods

(described in details in […]) the measures 𝑅



𝑇



and 𝑅



𝑇

 can be estimated in terms “success” or

“failure” considering uncertainty conditions, system

INFSEC 2021 - International Scientiﬁc and Practical Conference on Computer and Information Security

104

complexity, periodical diagnostics, monitoring

between diagnostics, recovery of the lost integrity for

every element of system or processes modelled.

3.3 Estimation of Integral Measure

The integral probability of failure to reliable perform

standard process considering system information

security 𝑅



𝑇

 for the period T is proposed to be

calculated by the formula:

𝑅



𝑇

11𝑅



𝑇

  1

𝑅



𝑇





)

Here the probabilistic measure 𝑅



𝑇

 and

𝑅



𝑇

 are estimated according to proposition of

3.2.1 and 3.2.2 considering the possible damage.

4 EXAMPLES

Without violating the general understanding of the

proposed approach, the examples are given with

reference to the standard decision management

process.

Let some enterprise organize production

management, focusing on the requirements of IEC

62264-1 “Enterprise-control system integration - Part

1: Models and terminology” for the integration of

enterprise management systems.

Without going into the details of integrated

management systems in terms of the production

process, maintenance process, quality control process

and inventory process, the example demonstrates the

proposed approach to analysing the impact of

information security on the implementation of the

decision management process. Consider performing

the following actions: action 1 - planning decision

management; action 2-gatheing, processing, and

analysing information for decision making; action 3 -

decision making and decision management.

To estimate the probabilistic measures on

examples the following actions and assets are selected

– see verbal description on Figure 3

Figure 3: Verbal description.

Example 1 is devoted to estimate predicting the

risk of a violation of the reliability of the

implementation of the decision management process

without taking into account the quality of the

information used (based on the results of collecting,

processing and analysing information for decision-

making) and information security requirements.

Example 2 is devoted to predicting the risk of

violating information security requirements. Example

3 illustrates the analysis of an impact of information

security on the performance of the standard decision

management process at the integral risk level.

4.1 Example 1

Verbal description on Figure 4 allows to form a

structure of modelled system in the form of a structure

of the following consecutive elements associated with

actions – see Figure 4. By definition, the reliability of

the decision management process is considered to be

ensured during a given period, if during this period

"And" for the production process, "And" for the

maintenance process, "And" for the quality control

process "And" for the inventory process, the actions

"And" for planning decision management (by

elements 1, 2, 3, 4), "And" on decision-making and

decision management (for elements 5, 6, 7, 8).

Figure 4: Structure of modelled system.

The input for estimations by the model

(Kostogryzov, 2008, 2012) using the methods of 3.2.2

is presented in Table 1.

Probabilistic Analysis of an Impact of Information Security on Standard Process Performance in a Life Cycle of Systems

105

Table 1: Input for example 1.

Input for

each

element 1-8

Value of element 1-8 in production, maintenance, quality control and inventory processes

 -

frequency of

the

occurrences

of potential

threats

Threats for elements 1)-4) are the threats of hard-software, technology and human errors made during

planning:

1) - 5 times in a year (due to insufficient qualifications or knowledge);

2, 3, 4) - 1 time in a year (because of staff).

Threats for elements 5)-8) are the threats of damage from making unreasonable decisions:

5) - 2 times in a year (due to insufficient qualifications or knowledge);

6, 7, 8

)

- 1 time in a

ear

(

because of staff

)

 - mean

activation

time of

threats

For elements 1)-4) these are the mean time to possible damage after critical hard-software, technology,

or human errors made during planning:

1)- 2 weeks (this is commensurate with the modeling time for the justification of the production plans);

2, 3, 4) - 1 year (this is commensurate with the time between critical errors in planning of maintenance,

quality control and inventory process).

For elements 5)-8) it is the mean time to possible damage after critical hard-software, technological, or

human errors made in decision-making:

5) – 6 months (this is commensurate with the time of gradual failure of production equipment);

6) – 6 months (this is explained by the preservation of the minimum system capabilities to function in

an outdated environment);

7) – 2 months (this is explained by the average time to complaints due to quality control errors

)

–

6 months

(

this is ex

lained b

the avera

e time to

roduction downtime due to critical errors

betw

- time

between the

end of

diagnostics

and the

beginning of

the next

diagnostics

For elements 1)-4) it is equal to 8 hours, this time is determined by the regulations for monitoring the

readiness of personnel for work – 1 time per shift with an 8-hour working day;

5) – 1 hour, it is determined by the equipment control regulations;

6, 7, 8) – 1 week, it is determined by the regulations for maintenance, quality control and inventory

processes

diag

diagnostics

time

For elements 1)-4) it is equal to 10 minutes, it is determined by the time of the medical examination

before work.

5, 7, 8) – 30 seconds, indicates the duration of automatic diagnostics in monitoring equipment and

assets integrity.

)

–

1 hour, it is duration of the dia

nostics of e

ment condition

urin

maintenance

rocess

recov

recovery

time

For elements 1)-4) – 30 minutes, this is time to replace the person who has been suspended from

performing the duties, and to assign the necessary functional responsibilities to the replacement person

to perform the planning functions;

5) – mean recovery time for equipment;

6, 8) – 8 hours, this is recovery time for maintenance and inventory processes;

–

30 minutes, this is time to re-install the software of quality control system

T - given

prognostic

erio

From 1 month to 1 year

(to estimate guarantees period to maintain admissible risks)

The analysis of calculation results showed that for

production, maintenance, quality control and

inventory process the probability of failure to reliable

perform the necessary actions of the standard process

without consideration of threats to system

information security during the year will be about

0.142 - see Figure 5. This means that actions for

planning decision management in the production

process (element 1) and actions for decision making

and decision management in the quality control

process (element 7) are the most significant in the

generalized risk in probabilistic terms ( see Table 1.

Note: according to methods 3.2.2 this generalized risk

isn’t equal to the arithmetical sum of risks for

elements 1-8). For elements 2-6, 8, the values of the

estimated risk do not exceed 0.019. When the

prognostic period changes from 1 month to 1 year, the

risk for all actions increases from 0.012 to 0.142. For

an admissible risk at the level of 0.05, a period of up

INFSEC 2021 - International Scientiﬁc and Practical Conference on Computer and Information Security

106

to 117 days is justified, for which guarantees to

maintain admissible risks are valid (see Figure 6).

Figure 5: Risks without taking into account information

security requirements (prognostic period =1 year).

Figure 6: Dependence of generalized risk on the prognostic

period lasting from 1 month to 1 year.

4.2 Example 2

Continuing with example 1, the focus to analyse is on

the structure of actions and protected assets defined

in Figures 3 and 4. The input for each of the 8

elements, taking into account possible vulnerabilities

in asset protection technologies, for estimations by

the same model (Kostogryzov, 2008, 2012): using the

methods of 3.2.2 is presented in Table 2.

Table 2: Input for example 2.

Input for

each

element 1-8

Value of element 1-8 in production,

maintenance, quality control and

inventor

rocesses

 -

frequency of

the

occurrences

of potential

threats

The threats for all elements 1)-8) are

the threats to information security:

1, 5) - 1 time in a year (it is

commensurate with the frequency of

technical failure of the equipment);

2) - 1 time in a year (it is commensurate

with the error rate on the part of a

specialist -planner of average

qualification);

3, 4) – 2 times in a year (commensurate

with the frequency of errors on the part

of the man-controller and specialist –

inventory planner of average

qualification);

6) – 1 time in 5 years (it is explained by

the threats masking of failures in the

process of system maintenance by

highly qualified specialists);

7, 8) - 1 time in a year (it is

commensurate with the frequency of

errors on the part of the man-controller

and specialist –inventory planner of

average qualification)

 - mean

activation

time of

threats

For all elements 1)-8) – 1 day (it is

assumed that because of masking, the

threat sources are not activated

immediately, but with a delay of at least

a day)

betw

- time

between the

end of

diagnostics

and the

beginning of

the next

diagnostics

For all elements 1)-8) – 1 hour (it is

determined by the rules for controlling

the integrity of the software and assets

used)

diag

diagnostics

time

For all elements 1)-8) – 30 seconds (it

is diagnostics time during automatic

software and asset integrity monitoring)

recov

recovery

time

For elements 1)-8) – 5 minutes,

including software reinstallation and

data recover

T - given

prognostic

erio

From 1 to 4 months

(to estimate guarantees period to

maintain admissible risks

)

The analysis of calculation results showed that for

the probability of violating information security

requirements during the month will be about 0.016 -

see Figure 7, and for elements 1-5, 7-8 - about 0.002,

for 6th element - 0.0003, i.e. all assets are protected

to a relatively equal degree. When the prognostic

period increases from one to four months, the risk

increases from 0.016 to 0.062. For an acceptable risk

at the level of 0.05, a period of up to 96 days is

Probabilistic Analysis of an Impact of Information Security on Standard Process Performance in a Life Cycle of Systems

107

justified, for which guarantees to maintain admissible

risks are valid (see Figure 8).

Figure 7: Risks of violating information security

requirements (prognostic period =1 month).

Figure 8: Dependence of generalized risk on the prognostic

period lasting from 1 to 4 months.

4.3 Example 3

Considering prognostic period T =1 month and the

calculating results 𝑅



𝑇

= 0.012 and 𝑅



𝑇

=

0.0160, than according to (5) integral probability of

failure to reliable perform standard process

considering system information security

𝑹

𝐢𝐧𝐭

𝑻

 = 1 ─ (1─0.012)ꞏ(1─0.016) ≈ 0.028

This is less than the established acceptable level

of 0.05, and with similar damages and reasonable

costs, the reliability of the decision management

process is commensurate with the effectiveness level

of information security. It confirms for enterprise that

the planned or applied system engineering solutions

are balanced and allow to maintain admissible risks

during justified period.

5 CONCLUSIONS

A methodological approach allows to analyse an

impact of information security on the performance of

standard processes in system life cycle according to

ISO/IEC/IEEE 15288. It uses the integral measure for

uncertainty conditions – the integral probability of

failure to reliable perform standard process

considering system information security. Using the

proposed probabilistic measures the approach

application helps to confirm that the planned or

applied system engineering solutions are balanced, to

calculate justified period for maintaining admissible

risks, to identify "bottlenecks" and define measures

and actions that help reduce risks when performing

standard processes, considering threats to system

information security.

REFERENCES

Kostogryzov A.I. and Stepanov P.V. (2008). Innovative

management of quality and risks in systems life cycle.

Moscow, Armament. Policy. Conversion, Moscow.

Kostogryzov A., Nistratov G. and Nistratov A. (2012).

Some Applicable Methods to Analyze and Optimize

System Processes in Quality Management. Total

Quality Management and Six Sigma, InTech, 127-196.

Kostogryzov A., Nistratov G. and Nistratov A. (2013). The

Innovative Probability Models and Software

Technologies of Risks Prediction for Systems

Operating in Various Fields. International Journal of

Engineering and Innovative Technology (IJEIT), 3(3),

146-155.

Akimov V., Kostogryzov A., Mahutov N. et al., (2015).

Security of Russia. Legal, Social&Economic and

Scientific&Engineering Aspects. The Scientific

Foundations of Technogenic Safety. Under the

editorship of Mahutov N.A. Znanie, Moscow.

Kostogryzov A.I., Stepanov P.V., Nistratov G.A., Nistratov

A.A., Grigoriev L.I. and Atakishchev O.I. (2015).

Innovative Management Based on Risks Prediction,

Information Engineering and Education Science –

Zheng (Ed.). Taylor & Francis Group, London, 159-

166.

Artemyev V., Kostogryzov A., Rudenko Ju., Kurpatov O.,

Nistratov G. and Nistratov A. (2017). Probabilistic

methods of estimating the mean residual time before

the next parameters abnormalities for monitored critical

systems. Proceedings of the 2nd International

Conference on System Reliability and Safety (ICSRS),

Milan, Italy, 368-373

Kostogryzov A., 2019. Mathematical models and methods

of system engineering for preventive risks control in

real time. Proceedings of the 6th International

Conference Actual Problems of System and Software

Engineering, Moscow, Russia, 12-14 November,

Published by the IEEE Computer Society, pages 1-9.

Kostogryzov A. and Korolev V. (2020). Probability,

combinatorics and control. Probabilistic methods for

cognitive solving problems of artificial intelligence

systems operating in specific conditions of

uncertainties, 3-34. IntechOpen.

INFSEC 2021 - International Scientiﬁc and Practical Conference on Computer and Information Security

108

Kostogryzov A., Nistratov A. and Nistratov G. (2020)

Analytical risks prediction. Rationale of system

preventive measures for solving quality and safety

problems. Modern Information Technology and IT

Education, Edtors: Sukhomlin, Vladmir, Zubareva,

Elena (Eds.), 1, pages 352-364.

Kostogryzov A. (2020). Risks Prediction for Artificial

Intelligence Systems Using Monitoring Data, CEUR

Workshop Proceedings, vol 2603, pages 29-33.

Probabilistic Analysis of an Impact of Information Security on Standard Process Performance in a Life Cycle of Systems

109