1. Introduction

Information systems are of high importance in organizations, industrial processes, the banking sector, etc. The "human factor" accounts for approximately 70% of information security breaches. Staff are one of the parts of an information system. The influence of the "human factor" on the level of system information security is considered in various articles and standards. In particular, the international standard ISO/IEC 27002 provides recommendations for work with staff at various stages: prior to employment, during employment, termination, and change of employment [14]. The reliability of information system operation and the level of information security depend on different conditions. Wrong actions and inactivity of staff and untimely performance of job duties can lead to violations of integrity, availability, and confidentiality of the information. As a result, they influence the level of system information security. The staff of an information system have certain characteristics that affect the level of system information security as well as technical and software components. Such characteristics form the mental state and psychophysical properties of staff. In addition to attacks on the information system implemented by technical methods, there is also an attack on the staff of the information system. This attack can be carried out by means of information-psychological impact (IPI). In this article, it is proposed to consider mathematical models for predicting and estimating the information security level of information systems, taking into account dependent events and the information and psychological impact on staff, as well as the methods and stages of implementing information and psychological impact. The approach to the analysis of staff conditions under the information-psychological impact is considered. A methodical approach is proposed for analyzing the impact of qualification and psychological states of staff on the information security level of the information system. The application of this model is considered.

© 2016 The Author(s). Licensee InTech. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. © 2018 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Probabilistic Analysis of the Influence of Staff Qualification and Information-Psychological Conditions on…

http://dx.doi.org/10.5772/intechopen.75079

estimated by mutual influence in the analysis of the characteristics of the information system. For example, a separate information system node is a complete single device with specific technical characteristics that are individually responsible for the likely conditions for ensuring either integrity or availability or confidentiality. At the same time, by virtue of the technical implementation, this node cannot be ideal from the point of view of safety criteria and cannot provide only either integrity or availability or confidentiality, since the information that must have a certain level of each criterion will circulate in it. The characteristics of this node will also extend to a certain part of the information system, which also estimates the important conditions for ensuring its security [26]. The security of information, in the sense of analyzing the probability of the existence of safety criteria, in the information system can be represented in the diagram of sets shown in Figure 1.

Figure 1. Presentation of integrity, availability, and confidentiality using sets.

If the integrity (I), availability (A), and confidentiality (C) are separate sets, then security (S) is the intersection of these three sets.

This means that, in order to ensure security, integrity, availability, and confidentiality must all be ensured, each to a specific value of the appropriate criterion estimated for each particular information system [12, 25]. In turn, from the point of view of ensuring the probability of the information system security, and due to the interdependence described above, integrity, availability, and confidentiality are conditional signs. Then the probability of security should be considered in the following way (Eq. (1)) [12]:

$$p(\mathrm{Sec}) = p(I \cap A \cap C). \tag{1}$$

The figure shows a graphical interpretation of the product of the corresponding events I, A, and C, for which the following expression is valid (Eq. (2)):

$$p(I \cap A \cap C) = p(I) \cdot p_I(A) \cdot p_{IA}(C). \tag{2}$$

Since the events of ensuring integrity, availability, and confidentiality are dependent, the probability of the product of these events, according to the multiplication rule for the probabilities of dependent events, is (Eq. (3)):
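The multiplication rule of Eq. (2), checked numerically on a joint table of outcomes. This Python example is added here and is not part of the original chapter; the observation counts are constructed sample data and the function names are illustrative. It also compares the result with the product of the marginal probabilities, which would hold only if I, A, and C were independent.

```python
from fractions import Fraction

# Constructed sample data (not from the chapter): number of observation periods
# in which integrity, availability and confidentiality were ensured (1) or not (0).
COUNTS = {
    (1, 1, 1): 70, (1, 1, 0): 6, (1, 0, 1): 4, (1, 0, 0): 5,
    (0, 1, 1): 3,  (0, 1, 0): 4, (0, 0, 1): 2, (0, 0, 0): 6,
}
I, A, C = 0, 1, 2  # positions of the three criteria in each key


def prob(counts, *ensured):
    """Probability that every criterion listed in `ensured` holds."""
    total = sum(counts.values())
    hits = sum(n for key, n in counts.items() if all(key[i] for i in ensured))
    return Fraction(hits, total)


def cond(counts, target, *given):
    """Conditional probability, e.g. p_IA(C) = cond(counts, C, I, A)."""
    base = prob(counts, *given)
    if base == 0:
        raise ValueError("conditioning event was never observed")
    return prob(counts, target, *given) / base


def security_dependent(counts):
    """Right-hand side of Eq. (2): p(I) * p_I(A) * p_IA(C)."""
    return prob(counts, I) * cond(counts, A, I) * cond(counts, C, I, A)


def security_independent(counts):
    """Product of the marginals; correct only if I, A and C were independent."""
    return prob(counts, I) * prob(counts, A) * prob(counts, C)


if __name__ == "__main__":
    print("p(I ∩ A ∩ C) directly :", prob(COUNTS, I, A, C))
    print("Eq. (2) chain product :", security_dependent(COUNTS))
    print("independence shortcut :", security_independent(COUNTS))
```

On this table the chain product reproduces the directly counted joint probability, while the independence shortcut gives a different value, so treating the three criteria as independent would misstate the security level.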
