Description: The article proposes a variant of using the mathematical apparatus of game theory to justify making a decision on the choice of a variant of constructing an information protection system for a corporate network. The initial data for the task were: – a typical corporate network, the protection of which presupposes the availability of various software and hardware equipment (devices of protection), the list and combination of which are selected by the network administrator, taking into account the limited budget for their acquisition and exploitation; – list of typical corporate network threats that can lead to violation of integrity, confidentiality and availability of information It is shown that the problem under consideration can be referred to a zero-sum dueling game, of which the player is an administrator and a potential attacker. It is considered that the attacker uses vulnerabilities to damage the company. The task of the administrator is to choose effective devices of protecting the corporate network, provided that the company's limited budget. The ways of solving this class of problems are indicated. It is shown that for the given initial data, the Brown-Robinson iterative method can be applied. Thus, in this article, the task was solved that was to develop a method for choosing an appropriate variant of constructing a system for protecting information from attacks by the criterion of minimizing the potential damage from attacks with a zerosum duel game. The results of the work can be useful for business executives or responsible persons in various corporate networks of companies who are trying to choose effective and useful software and hardware (protection devices) to protect information in view of a limited budget.
Keywords: information security, threat, antagonistic game, vulnerability, asset