Mathematical model of information security event management using Markov chain in industrial systems
This paper examines the problem of ensuring information security in industrial Internet of Things systems. The study found that, to comprehensively protect the information perimeter of an industrial enterprise from external and internal threats, in most cases information security event and incident management systems (SIEM systems) are used, with customized rules for correlating events in the information infrastructure. This creates a need for a mathematical apparatus that makes it possible to assess the effectiveness of a SIEM system accurately and objectively. As a result of the study, the problem of preventing information security incidents in industrial Internet of Things systems was formalized on the basis of a mathematical model, developed here, for managing information security events using a continuous-time Markov chain.