Introducing GAMfIS: A generic attacker model for information security

Abstract

Since the employment of digital technologies in more and more domains, such as finance, industry, government, health and many more, the amount of data stored digitally has vastly increased. This offers new opportunities to malicious adversaries who, for financial, ethical or political reasons, want to access or modify this data. In order to enable owners of IT-systems to assess threats and risks, we propose an attacker model named GAMfIS that groups types of attackers by their motivations, skills and resources. We compared GAMfIS to existing models, allowing for a comprehensive evaluation. In addition to that, we applied our model to a simplified risk assessment of a current use case to demonstrate the capabilities of GAMfIS. We conclude our work by highlighting the perks of GAMfIS.