Risk assessment methodology for information systems, based on the user behavior and IT-security incidents analysis
Abstract
Obtaining trustworthy estimates of the reliability and security of corporate information systems is an urgent problem. Estimating the security of software and hardware components alone is not enough: constant monitoring of users’ actions and a comprehensive analysis of their behavior in the system are also necessary. The novelty of the proposed approach lies in the application of psychological profiling methods, neuro-fuzzy inference models and mechanisms of multidimensional data analysis. Vulnerabilities of computer information systems are determined on the basis of a retrospective analysis of information security incidents. The user’s profile is built from an analysis of the user’s behavior, and the patterns of this behavior in a particular computer information system are determined. The work studies the influence of intentional and unintentional user behavior on the probability of information security threats and identifies the threshold values of the number and frequency of events that indicate an information security incident. These data helped to build a model for finding the intruder during an information security incident. The proposed method was tested in the MATLAB software package. The experimental calculations of potential vulnerabilities were performed in the “1C: Enterprise 8.3” system of programs. The initial data for the calculation were the log entries of the actions of more than 100 users with different roles over a period of one year. It is noted that the risk management policy should include a continuous analysis of user actions, as well as of the consequences of these actions, in order to identify the goals of such behavior and prevent information security incidents.
It is shown that implementing the proposed methodology requires constantly identifying users who should not have access to sensitive information from the inside, on the assumption that a current violator is located within the boundaries of the computer information network. Applying the proposed methodology makes it possible to increase the level of information security while the “working environment” of the information system changes constantly. It will help to significantly simplify the process of making an objective and well-founded management decision about which information security incidents are most likely to occur, so that appropriate preventive measures can be taken in advance.