The Model of Intrusion into the Information System

Abstract

Categories ‘attack’, ‘intrusion’ and ‘incident’ of information security are defined. The types of intrusions into the information system are revealed, and their brief analysis is given. The proposed model of intrusion into the information system will allow to increase its efficiency at almost all stages of the information security system life cycle. The use of the proposed model is associated with the solution of specific practical problems in the field of information security, including the definition of vulnerabilities of the information system. The latter, in turn, is necessary to determine the elements of the protection system. For example, at the design stage of the information security system, when choosing software protection you need to take into account the location of the intruder relative to the attacked object. When working with functioning systems of information protection, i.e. at the solution of questions of modernization or optimization, changes in the system of information security are resolved in accordance with statistical data for the intrusion into the information system with available results of information security incidents, with the forecast data. Thus, the proposed model of intrusion into the information system is one of the external conditions when working with the information system of the organization (enterprise) may well determine (set) the level of risk of information security of the enterprise.