214 Probabilistic Modeling in System Engineering

# 2. Parameters of periodic monitoring and recovery in information systems

## 2.1. Periodic monitoring parameters

The main parameters of periodic monitoring and recovery in protected information systems (ISs) are provided as follows:

• frequency of monitoring (internal monitoring) of the operability of security functions of the information security controls used in the information systems;

• frequency of external monitoring (external audit) of the operability of security functions of the information security controls applied in the information systems; and

• update frequency of the information system parameters and characteristics relating to the information security (change of passwords, update of the information security controls decision rules or signatures).

The results of completed analysis are shown in Table 1.

| Name of document | Frequency of internal monitoring | Frequency of external monitoring | Frequency of parameters update |
| --- | --- | --- | --- |
| ISA 62443-3-3:2013 | + | + | + |
| ISO/IEC 27001:2013/ISO/IEC 27002:2013 | + | + | + |
| Australian Government Information Security Manual. Controls<sup>1</sup> (Australia) | + | + | + (90 days) |
| The IT-Grundschutz Catalogs<sup>2</sup> (Germany) | + | + | + |
| Cyber Essentials Scheme. Requirements for basic technical protection from cyber attacks<sup>3</sup> (Great Britain) | — | — | + |
| PCI DSS | + (6 months) | + (6 months) | + (90 days) |
| Information Security Provisions in Federal Information Systems<sup>4</sup> (Russia) | + | + | + (180, 120, 90, and 60 days) |
| Requirements for Information Security in Process Control Systems (Russia) | + | + | + (180, 120, 90, and 60 days) |
| NIST SP 800-53<sup>5</sup>/NIST SP 800-63B<sup>6</sup> (USA) | + | + | + |

Table 1. Requirements for the periodicity of control.

1 https://www.asd.gov.au/publications/Information\_Security\_Manual\_2017\_Controls.pdf

2 https://download.gsb.bund.de/BSI/ITGSKEN/IT-GSK-13-EL-en-all\_v940.pdf

3 https://www.gov.uk/government/uploads/system/uploads/attachment\_data/file/647,619/requirements\_archived.pdf

4 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

5 https://nvd.nist.gov/800-53/Rev4

6 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

## 2.2. Periodic backup parameters

Requirements for periodic monitoring and backup established by current regulatory documents are briefly described subsequently.

In practice [1, 2, 4, 5], the main parameter defining the frequency of periodic information backup is the recovery point objective (RPO), the maximum period of data loss occurring due to an information security incident. The recovery time objective (RTO) is the period during which the information system is unavailable in case of an information security incident. The value of RPO defines the backup frequency (Figure 1).



The analytical review of regulatory documents and methodologies defining the requirements for information security relating to periodic backup and recovery is shown in Table 2.

Table 2. Requirements for backup frequency.

1 www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

As the completed review shows (Tables 1 and 2), there are clear requirements for periodic monitoring and backup, though their main parameters are defined either by expert judgments or by management order.

Considering the high subjectivity of such decisions, it is reasonable to develop mathematical models for the calculation of periodic monitoring and backup parameters.

Periodic Monitoring and Recovery of Resources in Information Systems

http://dx.doi.org/10.5772/intechopen.75232

217

of the control flow. In this case, the task of providing SW functional stability comes down to that of optimizing restricted control that meets the condition $z(t) < Q(t)$.

Let us consider the SW life cycle period $t$, having regard to the conducted inspection control of repeatable accuracy. Because the period $t$ far exceeds the control time, let us assume the latter to be instantaneous. Then, the SW repeatable accuracy is characterized by the probability $P(\hat{z} < Q) = F_{\hat{z}}(Q)$ that the irregularity/vulnerability/error detection time $\hat{z}$ within the intercontrol interval is not longer than the permissible SW life cycle period $Q$, where there is an irregularity. A periodic control fragment is shown in Figure 3.

Let us consider the flow of irregularities (errors and vulnerabilities) to be the simplest one with the density of interval $\hat{y}$ distribution among them:

$$g_{\hat{y}} = \lambda e^{-\lambda y} \tag{1}$$

where $\lambda$ is the intensity of irregularities.

Let us define a stochastic model for the detection of irregularities. In this case, control is undertaken a certain number of times with equal probability and independently of one another. Thus, the limited flow formed by all the control points is Bernoulli's flow with the density of interval $\hat{T}$ distribution among the control points [11]:

Figure 2. Flows of errors, failures, recovery, and control.

Figure 3. A fragment of the inspection control of an information security tool.
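An added example, not part of the chapter: a Monte Carlo check of the detection-time probability P(ẑ < Q) for the simplest flow of irregularities with density (1). It assumes control at a fixed period T rather than the Bernoulli flow of control points the chapter introduces; `lam`, `Q` and the periods are constructed sample values, and the function names are hypothetical.

```python
import math
import random


def simulate_detection_cdf(lam, period, q, horizon, seed=1):
    """Monte Carlo estimate of F_z(Q) = P(z < Q).

    Irregularities form the simplest (Poisson) flow of intensity `lam`;
    control is instantaneous and, as an assumption of this example,
    repeats at a fixed `period`. z is how long an irregularity stays
    undetected, i.e. the wait until the next control point.
    """
    rng = random.Random(seed)
    t, total, within_q = 0.0, 0, 0
    while True:
        # Gap between irregularities: density lam * exp(-lam * y), eq. (1).
        t += rng.expovariate(lam)
        if t >= horizon:
            break
        next_control = math.ceil(t / period) * period
        total += 1
        within_q += (next_control - t) < q
    return within_q / total if total else float("nan")


def fixed_period_cdf(period, q):
    """Closed form for the fixed schedule: z is uniform on (0, period)."""
    return min(q / period, 1.0)


def max_period_for(q, target):
    """Longest fixed control period that keeps P(z < Q) >= target."""
    return q / target


if __name__ == "__main__":
    Q = 30.0      # constructed: tolerated exposure, days
    LAM = 0.05    # constructed: irregularities per day
    for period in (90, 180):   # periodicities that appear in Table 1
        est = simulate_detection_cdf(LAM, period, Q, horizon=1_000_000)
        print(f"T={period:>3} d  simulated={est:.3f}  "
              f"closed form={fixed_period_cdf(period, Q):.3f}")
    print(f"T for P(z<Q) >= 0.95: {max_period_for(Q, 0.95):.1f} d")
```

Under the fixed-period assumption the result does not depend on λ: the wait from an irregularity to the next control point is uniform on (0, T), so P(ẑ < Q) = min(Q/T, 1).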
