Abstract

This paper is devoted to developed description of informative model of the user, who may be under the threat of socioengineering attack, and some other models, which is connected to the first one: users group model, model of control area, informative objects (documents) model. Specified informative model are included into the base for analyzing of the protection of users of informative system from socioengineering attack. Informative model of the user allows to consider name and surname of the user, his post in the organization, belongings of user to user group, and vulnerability of the user on socioengineering attacks. informative model of user group allows to consider name of user group, it’s description, allows for different atomic actions which user can perform with informative objects, type of access to information objects and information objects, which this group of users can use. Informative model of control area allows to consider name of control area and it’s description. Information model of information objects includes damage estimation of losses of confidentially, losses of integrity and losses of sufficiency. The example of socioengineering attack is brought. Development of this attack is described through suggested informative models.

Highlights

  • Information model of the user, who may be under the threat of socioengineering attack

  • This paper is devoted to developed description of informative model of the user, who may be under the threat of socioengineering attack, and some other models, which is connected to the first one: users group model, model of control area, informative objects model

  • Чтобы обеспечить имитацию отдельной социоинженерной атаки и на основе перебора всех возможных атак построить дерево атак, предназначенное для последующего вывода оценки степени защищенности комплекса «информационная система—персонал», необходимо использовать формальное описание контекста, в котором атака осуществляется

Read more

Summary

Introduction

Информационная модель пользователя, находящегося под угрозой социоинженерной атаки. Статья посвящена развернутому описанию информационной модели пользователя, находящегося под угрозой социоинженерной атаки, и ряду других моделей, связанных с упомянутой: групп пользователей, контролируемых зон, информационных объектов (документов). Указанные информационные модели входят в состав базы для анализа защищенности персонала информационной системы от социоинженерных атак.

Results
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.