2.3.2. Impact of staff's psychological conditions on labor activity

Eq. (12) makes it possible to evaluate the change in the properties and the response of an object to IPI. In our case, staff are considered as the IPI object. Eq. (13) of the change in the property and the human reaction to the effects is given in articles [11, 16–19] and has the form (Eq. (14)):

where F is the frustration; F0 means some value of the level of frustration, considered normal or threshold; A is the aggression; Q means the time parameter; R is the stiffness; X means the effectiveness of information-psychological impact; and Y is the reaction level. These parameters are measured in conditional scores. They can be estimated using psychological tests and an expert method. This is proposed to use Eq. (11) to estimate the change in the property of the IPI object as a result of the action. The transfer equation for Eq. (14) has the form (Eq. (15)):

A

F0

RA <sup>p</sup> <sup>p</sup> <sup>þ</sup> AF<sup>0</sup>

<sup>p</sup><sup>2</sup>F<sup>0</sup> <sup>þ</sup> <sup>2</sup>QF ffiffiffiffiffiffiffi

Employees' qualifications, mental state, and psychophysical properties can act as their charac-

• k = 0 if the staff of the information system are idle in the case of vulnerabilities, technical malfunctions are idle in the technical and software components of the information system

• k < 1 if the staff of the information system fail to remove vulnerabilities, technical malfunctions fail in the technical and software components of the information system in

• k = 1 if the staff of the information system eliminate vulnerabilities, technical malfunctions eliminate in the technical and software components of the information system in time [27, 28].

• k > 1 if the staff of the information system independently detect and fix vulnerabilities (temporary solutions, before the release of the update from the manufacturer) in the technical and software components of the information system, technical malfunctions are

The limiting minimum value for the staff's qualification k is 0, because staff does not create vulnerabilities and technical malfunctions in the technical and software components of the information system. The maximum value for the staff's qualification k is 3; in this case the

<sup>Q</sup><sup>2</sup> <sup>Y</sup> <sup>¼</sup> X, (14)

: (15)

2F ffiffiffiffiffiffiffi RA p QF<sup>0</sup> � dY dt þ

W pð Þ¼ <sup>Q</sup><sup>2</sup>

2.3. Methodological approach for analyzing the impact of staff qualifications and

RQ<sup>2</sup>

psychological conditions on the level of systems information security

This is a proposed estimate of staff's qualification in an expert way:

teristics.

[27, 28].

time [27, 28].

prevented [27, 28].

2.3.1. Staff qualification assessment

240 Probabilistic Modeling in System Engineering

R d2 Y dt<sup>2</sup> <sup>þ</sup>

> During the work activity, the staff of the information system may be in different psychological conditions. The effectiveness of the staff depends on what psychological state they are in. The following states can be distinguished as [3, 20, 29]:


It should be remembered that the dependence of the efficiency of labor activity (working capacity) of employees on the level of tension of its functional systems is parabolic. It was found out that mental stress has a positive effect on the result of labor up to a certain limit. Exceeding the critical level of activation leads to a decrease in the results of labor up to a complete loss of efficiency.

• Fatigue is a functional state of a person, temporarily occurring under the influence of prolonged or intensive work, accompanied by a decrease in its effectiveness. Fatigue is caused by the depletion of body resources during prolonged or excessive activity and is characterized by a decrease in motivation to work, a violation of attention and memory. At the physiological level, the appearance of a protective inhibition of the central nervous system is noted. Fatigue may eventually go into the exhaustion, which requires a longer rehabilitation to get it over.

• Stress is a state of increased and prolonged pressure associated with the inability to adapt to the requirements of the habitat. This condition is caused by the long-term impact of environmental factors, exceeding the possibilities of the organism adaptation. It is characterized by mental stress, a sense of frustration, anxiety, and worry, and in the last stage, indifference and apathy appear. At the physiological level, there is a depletion of adrenal hormone stores, muscle tension, and a two-phase activation of the autonomic nervous system.

Figure 4 shows the possible dynamics of staff states. The transition between states can occur both as a result of labor activity and under the influence of information-psychological impact.

The effectiveness of staff for different psychological conditions is a quantity with no dimension and can be estimated in the following way:

• For an optimal working condition, the efficiency of labor activity will be estimated as (Eq. (16)) [3, 20, 29]

$$E = k,\tag{16}$$

• For the state of fatigue, the efficiency of labor activity will be estimated as (Eq. (18)) [3, 20,

Probabilistic Analysis of the Influence of Staff Qualification and Information-Psychological Conditions on…

where k is the qualification of the staff, b [1/h] is the parameter that estimates the rate of staff

• For the state of fatigue, the efficiency of labor activity will be estimated as (Eq. (19))

where k is the qualification of the staff, b [1/h] is the parameter that estimates the rate of staff

The information system consists of various technical and software components; each of them can have vulnerabilities and fail due to a technical malfunction. Vulnerabilities and technical faults pose a threat to the confidentiality, integrity, and availability of information. This is proposed to represent the information system as a set of queuing systems [26–28]; each of them simulates the dynamics of vulnerabilities and technical faults that threaten the confidentiality, integrity, and availability of information. The input of the described system receives a non-stationary Poisson stream of requests (vulnerabilities and faults). This model is presented in Figure 5, where λð Þt is the speed of detection of vulnerabilities or faults that threaten the confidentiality, integrity, or availability of information; E is the effectiveness of staff to ensure the confidentiality, integrity, or availability of information; and Ta is the average time to

The average speed of elimination of vulnerabilities and faults of the information system will be

<sup>μ</sup><sup>a</sup> <sup>¼</sup> <sup>1</sup> Ta

The average number of vulnerabilities and faults in the information system will be the sum of the average number of vulnerabilities and faults that threaten the confidentiality, integrity, and

where μ<sup>a</sup> is the average speed of elimination of the vulnerability and malfunction.

The assessment of μ<sup>a</sup> will be estimated in the following way (Eq. (21)):

fatigue, s is the reaction to information-psychological impact, and t [h] is time. • The efficiency of labor activity is equal to zero for the state of relaxation.

2.3.3. Mathematical model of information system operation

eliminate the vulnerability or malfunction.

described in the following way (Eq. (20)):

availability of information (Eq. (22)):

E ¼ k � bt, (18)

http://dx.doi.org/10.5772/intechopen.75079

243

E ¼ k � sbt, (19)

μ ¼ Eμa, (20)

: (21)

29]

fatigue, and t [h] is time.

[3, 20, 29]

where k is the qualification of the staff.

• For the state of intense activity, the efficiency of labor activity will be estimated as (Eq. (17)) [3, 20, 29]

$$E = -at^2 + bt + k\_\prime\tag{17}$$

where k is the qualification of the staff, a [1/h<sup>2</sup> ] and b [1/h] are parameters that estimate the rate of staff fatigue, and t [h] is time.

Figure 4. Possible dynamics of staff transitions in the course of labor activity.

• For the state of fatigue, the efficiency of labor activity will be estimated as (Eq. (18)) [3, 20, 29]

$$E = k - bt,\tag{18}$$

where k is the qualification of the staff, b [1/h] is the parameter that estimates the rate of staff fatigue, and t [h] is time.

• For the state of fatigue, the efficiency of labor activity will be estimated as (Eq. (19)) [3, 20, 29]

$$E = k - sbt,\tag{19}$$

where k is the qualification of the staff, b [1/h] is the parameter that estimates the rate of staff fatigue, s is the reaction to information-psychological impact, and t [h] is time.

• The efficiency of labor activity is equal to zero for the state of relaxation.

#### 2.3.3. Mathematical model of information system operation

At the physiological level, the appearance of a protective inhibition of the central nervous system is noted. Fatigue may eventually go into the exhaustion, which requires a longer

• Stress is a state of increased and prolonged pressure associated with the inability to adapt to the requirements of the habitat. This condition is caused by the long-term impact of environmental factors, exceeding the possibilities of the organism adaptation. It is characterized by mental stress, a sense of frustration, anxiety, and worry, and in the last stage, indifference and apathy appear. At the physiological level, there is a depletion of adrenal hormone stores, muscle tension, and a two-phase activation of the autonomic nervous

Figure 4 shows the possible dynamics of staff states. The transition between states can occur both as a result of labor activity and under the influence of information-psychological impact. The effectiveness of staff for different psychological conditions is a quantity with no dimension

• For an optimal working condition, the efficiency of labor activity will be estimated as

• For the state of intense activity, the efficiency of labor activity will be estimated as (Eq. (17))

E ¼ k, (16)

<sup>E</sup> ¼ �at<sup>2</sup> <sup>þ</sup> bt <sup>þ</sup> k, (17)

] and b [1/h] are parameters that estimate the rate

rehabilitation to get it over.

242 Probabilistic Modeling in System Engineering

and can be estimated in the following way:

where k is the qualification of the staff.

where k is the qualification of the staff, a [1/h<sup>2</sup>

Figure 4. Possible dynamics of staff transitions in the course of labor activity.

of staff fatigue, and t [h] is time.

(Eq. (16)) [3, 20, 29]

[3, 20, 29]

system.

The information system consists of various technical and software components; each of them can have vulnerabilities and fail due to a technical malfunction. Vulnerabilities and technical faults pose a threat to the confidentiality, integrity, and availability of information. This is proposed to represent the information system as a set of queuing systems [26–28]; each of them simulates the dynamics of vulnerabilities and technical faults that threaten the confidentiality, integrity, and availability of information. The input of the described system receives a non-stationary Poisson stream of requests (vulnerabilities and faults). This model is presented in Figure 5, where λð Þt is the speed of detection of vulnerabilities or faults that threaten the confidentiality, integrity, or availability of information; E is the effectiveness of staff to ensure the confidentiality, integrity, or availability of information; and Ta is the average time to eliminate the vulnerability or malfunction.

The average speed of elimination of vulnerabilities and faults of the information system will be described in the following way (Eq. (20)):

$$
\mu = \mathbb{E}\mu\_{\mathfrak{a}'} \tag{20}
$$

where μ<sup>a</sup> is the average speed of elimination of the vulnerability and malfunction.

The assessment of μ<sup>a</sup> will be estimated in the following way (Eq. (21)):

$$
\mu\_a = \frac{1}{T\_a}.\tag{21}
$$

The average number of vulnerabilities and faults in the information system will be the sum of the average number of vulnerabilities and faults that threaten the confidentiality, integrity, and availability of information (Eq. (22)):

Figure 5. Model of changes in the state of security of the information system, taking into account the staff activities.

$$N\_a(t) = \sum\_{m=1}^3 N\_a^{(m)}, N\_a^{(m)}(t) = \frac{T\_a^m e^{-t}}{E^{(m)}} \left(\lambda^m(t) + \int\_0^t \lambda^m(\tau) e^{\tau} d\tau\right). \tag{22}$$

When Eð Þ <sup>m</sup> is equal to zero of vulnerability and faults, the average number of vulnerabilities and faults will be estimated as (Eq. (23))

$$N\_a^{(m)}(t) = \int\_0^t \lambda^m(\tau) e^{\tau} d\tau. \tag{23}$$

To analyze the influence of the human factor on the properties of each component of the

Probabilistic Analysis of the Influence of Staff Qualification and Information-Psychological Conditions on…

PIðÞ¼ t PIð Þþ t P0Ið Þt ð Þ 1 � PIð Þt , PAðÞ¼ t PAð Þþ t P0Að Þt ð Þ 1 � PAð Þt , PCðÞ¼ t PCð Þþ t P0Cð Þt ð Þ 1 � PCð Þt ,

where P0Ið Þt , P0Að Þt , and P0Cð Þt are the likelihood of the absence of vulnerabilities and faults in

Let us consider an information system, consisting of an X router and a file server under the management of the operating system Y. Users who are allowed to have an access connect to the router through a Wi-Fi connection and get an access to files according to the permitting

In this information system, confidentiality, integrity, and availability are provided by means of

It is possible to infringe the security of the information system by violating the performance of one of the components which are responsible for confidentiality, integrity, and availability.

As the experience of practical studies [12] has shown for 802.11 wireless networks in calculating the probability values of safety criteria, it is advisable to take noise immunity coding into account for the estimation of integrity. But it is necessary to take modulation efficiency and bandwidth usage technology into account for the estimation of availability, and it is important to take cryptographic strength of encryption into account for the estimation of confidentiality. Then the expression for the probability of ensuring the security of information takes the form

p Sec ð Þ¼ p Ið Þ� p Að Þ� =I p Cð Þ =IA , (28)

p IðÞ¼ p coding\_immunity ð Þ, (29)

p IðÞ¼ p rð Þ ;R , (32)

p Að Þ¼ p Effect\_of \_ ð Þ modular\_techno log ical\_use\_of \_frequencies , (30)

p Cð Þ¼ p cryptographic\_strenght\_of \_encryption ð Þ, (31)

p Að Þ¼ p S; SNR; Vm; per; parametr\_t , (33)

(27)

245

http://dx.doi.org/10.5772/intechopen.75079

investigated information system, one can consider, as (Eq. (27)) [1]:

the component providing integrity, availability, and confidentiality.

a router and a server running the operating system Y.

With a more detailed representation of the parameters (Eq. (32)):

3. Example of using models

access system.

(Eq. (28)):

where

There is a probability of a number of vulnerabilities and faults (Eq. (24)):

$$P\_n(t) = \frac{[N\_a(t)]^n}{n!} e^{-N\_a(t)}.\tag{24}$$

Thus, the probability of the absence of vulnerabilities and faults is (Eq. (25))

$$P\_0(t) = \mathcal{e}^{-N\_t(t)}.\tag{25}$$

In general, based on the proposed models, it is proposed to estimate the security of the information system PISð Þt , taking into account the impact of staff qualifications and psychological conditions, as (Eq. (26))

$$P\_{\rm IS}(t) = P\_{\rm Sec}(t) + P\_0(t)(1 - P\_{\rm Sec}(t)).\tag{26}$$

where PSec ð Þt is estimated from Eq. (3).

To analyze the influence of the human factor on the properties of each component of the investigated information system, one can consider, as (Eq. (27)) [1]:

$$\begin{aligned} P\_I(t) &= P\_I(t) + P\_{0l}(t)(1 - P\_I(t)), \\ P\_A(t) &= P\_A(t) + P\_{0A}(t)(1 - P\_A(t)), \\ P\_C(t) &= P\_C(t) + P\_{0C}(t)(1 - P\_C(t)), \end{aligned} \tag{27}$$

where P0Ið Þt , P0Að Þt , and P0Cð Þt are the likelihood of the absence of vulnerabilities and faults in the component providing integrity, availability, and confidentiality.
