MODEL FOR INTEGRAL ASSESSMENT OF THE CYBERSECURITY LEVEL OF CORPORATE NETWORKS CONSIDERING THE MUTUAL OVERLAP OF THREATS, VULNERABILITIES AND PROTECTIVE MECHANISMS

Abstract

The article develops a mathematical model for the integral assessment of the cybersecurity level of corporate networks. In contrast to existing approaches, the model considers the mutual overlap of cyber threats, vulnerabilities and protective mechanisms as an interconnected triad rather than isolated components. The concepts of a coverage matrix and a neutralization matrix are introduced, on the basis of which overlap coefficients for the elements of the triad are calculated. An integral cybersecurity indicator I(N) is proposed as a weighted convolution of partial metrics taking the overlap coefficients into account. The model is verified on a test corporate network with 120 nodes, 43 identified vulnerabilities and 18 types of threats. The practical value of the model lies in the possibility of quantitatively ranking protective measures and forecasting residual risk in a dynamic corporate network environment.