articles

The work is aimed at improving the efficiency of cybersecurity management (­CS) of economic entities (­SED) by organizing effective ­CB monitoring, taking into account such features of its process as the heterogeneity of sources of initial ­CB monitoring data, their presentation in different data formats, their inaccuracy, and largely uncertainty and noisiness, as well as a large number of ­KB events processed by heterogeneous components of the ­ERMS ­KB monitoring system. In this paper, in contrast to existing methods, a complex two-stage method for fuzzy clustering of ­SI events is proposed, taking into account the assessment of the criticality of ­SI events and the functionality of the ­ES ­IS monitoring system. At the first stage, the ­KB event clustering model based on the fuzzy c-means method is used. This model allows splitting the set of ­CI events into several fuzzy clusters according to the a priori probability that the ­CI event is an incident. At the second stage, to refine the results of the clustering of ­SI events obtained at the first stage, the model of clustering of ­SI incidents based on the method of extracting α-kernels of fuzzy clusters is used. This model allows you to manually select the thresholds for the degree of belonging of ­SI incidents to fuzzy clusters, taking into account additional information and features of processing ­SI incidents in the ­SI monitoring system of a particular ­EDMS. The paper evaluates the effectiveness of the two-stage method of fuzzy clustering of ­KB incidents in the ­EDMS ­KB monitoring system. The proposed approach makes it possible to increase the efficiency of ­ERMS ­CM monitoring and reduce the period of time required to make a decision on the ­ERMS ­CM management due to the complex consideration of the features of ­CM event processing in the ­ERMS ­CM monitoring system.