THE METHOD OF CALCULATION OF PROBABILITY OF REALIZATION OF THREATS OF INFORMATION WITH THE LIMITED ACCESS FROM AN INTERNAL USER VIOLATOR

O. Boychenko, R. Ziubina
{"title":"THE METHOD OF CALCULATION OF PROBABILITY OF REALIZATION OF THREATS OF INFORMATION WITH THE LIMITED ACCESS FROM AN INTERNAL USER VIOLATOR","authors":"O. Boychenko, R. Ziubina","doi":"10.17721/ists.2019.1.19-26","DOIUrl":null,"url":null,"abstract":"In the article analyzed regulatory documents which regulate the question of information security in the information and telecommunication system. According the results of the analysis the aim of scientific research, which consists in the improvement of method of calculation of probability of realization of threats of information with the limited access from an internal user violator was formed. To achieve this aim, a list of threats of information with limited access which could come from an internal user violator and the internal user violator model was developed. The method of calculation of probability of realization of threats of information with the limited access from an internal user violator was developed and has the followings stages: determination of level of knowledge’s of internal user violator and assessment of the possibility of realizing the threat; forming of model of internal user violator; forming of model of the appearance of the motive of behavior by the internal user violator; calculation of probability of realization of threats of information with the limited access from an internal user violator. The work of the developed method has been tested for the following employees of the institution (organization): the system administrator, the operator of the automated workplace, the telecommunications engineer and the employee who is not the user of the information and telecommunication system and does not belong to the technical personnel. The results of the verification allow conclude that the most probable realization of the threats of information with limited access from the employees of the institution (organization) comes from those employees who are users of the information and telecommunication system, have a high level of knowledge about the possibility of realizing threats and having a motive of behavior – revenge. The developed method of calculation of probability of realization of threats of information with the limited access from an internal user violator in addition to the generally accepted classification of levels of opportunities, methods used of action and place of action, takes into account the motive of wrongful acts by the internal user violator and assessment of his knowledge about the possibility of realizing the threats of information with limited access in the information and telecommunication system","PeriodicalId":426827,"journal":{"name":"Information systems and technologies security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information systems and technologies security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17721/ists.2019.1.19-26","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

Abstract

In the article analyzed regulatory documents which regulate the question of information security in the information and telecommunication system. According the results of the analysis the aim of scientific research, which consists in the improvement of method of calculation of probability of realization of threats of information with the limited access from an internal user violator was formed. To achieve this aim, a list of threats of information with limited access which could come from an internal user violator and the internal user violator model was developed. The method of calculation of probability of realization of threats of information with the limited access from an internal user violator was developed and has the followings stages: determination of level of knowledge’s of internal user violator and assessment of the possibility of realizing the threat; forming of model of internal user violator; forming of model of the appearance of the motive of behavior by the internal user violator; calculation of probability of realization of threats of information with the limited access from an internal user violator. The work of the developed method has been tested for the following employees of the institution (organization): the system administrator, the operator of the automated workplace, the telecommunications engineer and the employee who is not the user of the information and telecommunication system and does not belong to the technical personnel. The results of the verification allow conclude that the most probable realization of the threats of information with limited access from the employees of the institution (organization) comes from those employees who are users of the information and telecommunication system, have a high level of knowledge about the possibility of realizing threats and having a motive of behavior – revenge. The developed method of calculation of probability of realization of threats of information with the limited access from an internal user violator in addition to the generally accepted classification of levels of opportunities, methods used of action and place of action, takes into account the motive of wrongful acts by the internal user violator and assessment of his knowledge about the possibility of realizing the threats of information with limited access in the information and telecommunication system
计算内部用户违反者在有限访问权限下信息威胁实现概率的方法
本文对规范信息通信系统信息安全问题的规范性文件进行了分析。根据分析结果,形成了科学研究的目的,即改进内部用户违法者有限访问信息威胁实现概率的计算方法。为了实现这一目标,开发了内部用户违规者可能来自有限访问的信息威胁列表和内部用户违规者模型。提出了内部用户违法者有限访问信息威胁实现概率的计算方法,该方法分为以下几个阶段:确定内部用户违法者的知识水平和评估威胁实现的可能性;内部用户违规者模型的形成内部用户违法者行为动机表现模式的形成计算内部用户违反者在有限访问条件下威胁信息实现的概率。所开发的方法的工作已对机构(组织)的以下员工进行了测试:系统管理员、自动化工作场所的操作员、电信工程师和非信息和电信系统用户且不属于技术人员的员工。验证的结果可以得出这样的结论:机构(组织)的员工在有限的访问权限下,最有可能实现信息威胁的员工来自那些使用信息和电信系统的员工,他们对实现威胁的可能性有很高的了解,并且有行为动机-报复。除了普遍接受的机会等级分类、使用的行动方法和行动地点之外,还开发了计算内部用户违法者有限访问信息威胁实现概率的方法;考虑到内部用户违规者的不法行为动机和评估他对信息和电信系统中有限访问实现信息威胁的可能性的了解
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信