The relevance of the article is due to the need to protect information at all stages of creating an information system in the absence of appropriate organizational and technical support. To justify this kind of provision, mathematical models are needed that take into account the conditions and the random nature of the implementation of heterogeneous information processing processes in time at each stage, threats to its security and protection from these threats. The article discusses approaches to the development of such models based on the apparatus of flow theory and the theory of composite Petri ‒Markov networks, the possibilities of which for modeling the processes under study have not been previously considered. The purpose of the article. To reveal the content of issues related to the justification of organizational and technical support for information protection at the stages of creating an information system, to show the need and ways to quantify threats to its security and protection from these threats. For this purpose, the methods of functional and structural analysis, probability theory and flow theory were applied. In the course of solving the scientific problem, the relevance of substantiating the organizational and technical support of information protection at the stages of creating information systems is shown, descriptive models of its processing processes are developed, time diagrams of threat scenarios are given in the absence of protection measures and in the conditions of using preventive organizational and technical measures, indicators and analytical ratios for their calculation are proposed. The scientific novelty of the article consists in the fact that for the first time it examines the issues of organizational and technical support for information protection at the stages of creating an information system, examines the theoretical aspects of quantifying threats to its security and protection from these threats based on flow theory and prospects for applying the theory of composite Petri-Markov networks. Significance (theoretical). The conditions for the implementation of the studied processes and the possibility of applying the theory of flows and the apparatus of composite Petri–Markov networks for their modeling are established. Significance (practical). The results obtained in the work can be used to justify the organizational and technical provision of information protection at the stages of creating information systems of various organizations (both state and non-state), for which the implementation of threats at these stages may lead to damage to their activities.
