Conditions-factors are fixed limitations for conducting an attack. Discrepancy of condition-factors makes it impossible to either start an attack or to finish the current attack’s step. In certain cases the lack in one condition-factor can be compensated with excess of another condition-factor or via spending additional resource-factors.
The influence on resource-factors and condition-factors is laid as a basis of protection strategies. The strategy of increasing the values of condition-factors for violator decreases the total amount of attacks on a system by screening beginner violators. The threat level from groups of violators and from experienced violators will remain unchanged. The strategy of increasing the rate of resource-factors spending is designed to interrupt attacks in progress. Strategy of decreasing the amount of resource-factors that can be replenished after successful completion of certain steps of attack scenario is meant to decrease violator’s interest in attacking specifically our system and to decrease the chances of attack repetition if an attack occurred.
Yu. M. Polekhina, D. S. Tymofeiev (2010). Model Porushnyka. Meta ta Pryntsypy Rozrobky. Sovremennyye informatsionnyye tekhnologii. [Online]. Available: http://www.rusnauka.com/11_EISN_2010/Informatica/63866.doc.htm
D. S. Biriukov, V. A. Zaslavskyi, V. V. Yevhiienko and O. V. Franchuk, “Modeliuvannia ta Otsinka Stsenariiv Zahroz dlia Obiektiv krytychnoi Infrastruktury,” NAUKOVI ZAPYSKY, vol. 99, pp. 97-101, 2009
V. L. Buriachok, “Model Formuvannia Dereva Atak dlia oderzhannia Informatsii v informatsiino-telekomunikatsiinykh Systemakh i Merezhakh pry vyluchenomu Dostupi.” Informatyka ta matematychni metody v modeliuvanni, vol. 3, ?2, pp. 123-131, 2013
M.M. Voitko, “Pobudova uzahalnenoi Modeli Zahroz dlia System Internet-bankinhu.” Financialspace, vol. 3(15), pp. 33-38, 2014
I. V. Kotenko, M. V. Stepashkin (2013). Modeli Deystviy Khakerov-zloumyshlennikov pri Realizatsii raspredelennykh mnogoshagovykh Atak. [Online]. Available: http://masters.donntu.org/2013/fknt/zhadanov/library/kotenko_z.pdf
Metodika Opredeleniya Ugroz Bezopasnosti Informatsii v Informatsionnykh Sistemakh, Metodic Document 2015.
M. Bergh, K. Njenga, “Information Security Policy Violation: The Triad of Internal Threat Agent Behaviors,” Proceedings of the 1st International Conference on the Internet, Cyber Security, and Information Systems (ICICIS), Gaborone, 18-20 May 2016.
A. Loukaka, S. M. Rahman Shawon, “Discovering new Cyber Protection Approaches from a Security Professional Perspective,” International Journal of Computer Networks & Communications (IJCNC), vol. 9, ?4, pp.13-25, July 2017.
S. S. Park, A. B. Ruighaiver, S. B. Maynard and A. Ahmad, “Towards Understanding Deterrence: Information Security Managers’ Perspective.” Proceedings of the International Conference on IT Convergence and Security 2011, Lecture Notes in Electrical Engineering 120, December 2012.
E. T. Jensen, “Cyber Deterrence.” Emory international law review, vol. 26, pp. 774-824, May 29, 2012. [Online]. Available: https://ssrn.com/abstract=2070438
H. Mouratidis, P. Giorgini and G. Manson, “Using Security Attack Scenarios to analyse Security during information Systems Design,” Proceedings International Conference on Enterprise Information Systems, pp. 10-17, Porto, Portugal, 2004
S. Abraham, “Information Security Behavior: Factors and Research Directions.” AMCIS 2011 Proceedings - All Submissions, 462, [Online]. Available: http://aisel.aisnet.org/amcis2011_submissions/462
This work is licensed under a Creative Commons Attribution 4.0 International License.
The names and email addresses entered in this journal site will be used exclusively for the stated purposes of this journal and will not be made available for any other purpose or to any other party.
Submission of the manuscript represents that the manuscript has not been published previously and is not considered for publication elsewhere.