МЕТОД РОЗРАХУНКУ ЙМОВІРНОСТІ РЕАЛІЗАЦІЇ ЗАГРОЗ ІНФОРМАЦІЇ З ОБМЕЖЕНИМ ДОСТУПОМ ВІД ВНУТРІШНЬОГО ПОРУШНИКА

Abstract

In the article analyzed regulatory documents which regulate the question of information security in the information and telecommunication system. According the results of the analysis the aim of scientific research, which consists in the improvement of method of calculation of probability of realization of threats of information with the limited access from an internal user violator was formed. To achieve this aim, a list of threats of information with limited access which could come from an internal user violator and the internal user violator model was developed. The method of calculation of probability of realization of threats of information with the limited access from an internal user violator was developed and has the followings stages: determination of level of knowledge’s of internal user violator and assessment of the possibility of realizing the threat; forming of model of internal user violator; forming of model of the appearance of the motive of behavior by the internal user violator; calculation of probability of realization of threats of information with the limited access from an internal user violator. The work of the developed method has been tested for the following employees of the institution (organization): the system administrator, the operator of the automated workplace, the telecommunications engineer and the employee who is not the user of the information and telecommunication system and does not belong to the technical personnel. The results of the verification allow conclude that the most probable realization of the threats of information with limited access from the employees of the institution (organization) comes from those employees who are users of the information and telecommunication system, have a high level of knowledge about the possibility of realizing threats and having a motive of behavior – revenge. The developed method of calculation of probability of realization of threats of information with the limited access from an internal user violator in addition to the generally accepted classification of levels of opportunities, methods used of action and place of action, takes into account the motive of wrongful acts by the internal user violator and assessment of his knowledge about the possibility of realizing the threats of information with limited access in the information and telecommunication system.