Simulation of the Work of the Information Security Incident Response Group in the Conditions of Increasing Cyberattack Intensity
DOI:
https://doi.org/10.31649/1997-9266-2021-159-6-123-130Keywords:
cyberattack, information security incident, response team, effectiveness of counteractionAbstract
Modeling of the Information Security Incident Response Team (ISIRT) functioning and decision-making in the process cyberattacks requires the simultaneous use of parameters and characteristics at, on the one hand, directly characterize cyberattacks and their deployment over time, and, on the other hand, require taking into account the parameters and indicators that characterize the activities of specialists in a stressful situation. ISIRT’s activities are to counter cyberattacks aimed at destabilizing the social state of society by disseminating harmful information. The paper builds a model to describe the features of the ISIRT, taking into account the impact of the parameter of increasing the intensity of information security incidents on the quality of analysis of the system in real time, using the functions of responding to information security violations. The peculiarity of the constructed model is that for the first time the overload mode is taken into account, i.e. the influence of the introduced parameter of increasing the intensity of information security event identification is taken into account. The conditions under which the ISIRT is transitioning to a regime that does not meet the sufficient criterion of ergodicity, when the group will not be able to effectively cope with the deployment of cyber attacks in time. Simulation modeling of ISIRT activity is carried out and the presence of transition to the mode, which is caused by the lack of ergodic property of the system functioning, when changing the parameter of increasing the intensity of information security event identification, is shown. The obtained results allow predicting the appearance of the overload mode caused by the lack of ergodic properties of the system operation, in the conditions of which the activity of this ISIRT ceases to be effective. This allows you to set certain thresholds for the time of effective operation of this ISIRT during a cyber attack. As a result, the existing set of ISIRT can be characterized by certain quantitative indicators that characterize the time of effective operation of this ISIRT, depending on the identified characteristics of the cyber attack. Based on the developed model, new methods of countering cyberattacks can be developed, which will be based on identifying the required characteristics of the temporal deployment of cybersecurity incidents and on their basis redirecting control from one ISIRT to another during the incident. This will require the creation of a database with the necessary characteristics for those ISIRTs that may be involved in the process of countering cyberattacks.
References
В. І. Андреєв, В. О. Хорошко, В. С. Чередниченко, і М. Є. Шелест, Основи інформаційної безпеки. Київ, Україна: вид. ДУІКТ, 2009.
В. І. Андреєв, В. Д. Козюра, Л. М. Скачек, і В. О. Хорошко, Стратегія управління інформаційною безпекою. Київ, Україна: ДУІКТ, 2007.
М. В. Белов, и Д. А. Новиков, Модели деятельности (основы математической теории деятельности). Москва, РФ: Ленанд, 2021.
Е. С. Вентцель, и Л. А. Овчаров, Теория случайных процессов и её инженерные приложения. Москва: Наука. ред. физ.-мат. лит, 1991.
О. Є. Голоскоков, А. О. Голоскокова, і Є. О. Мошко, Основи теорії експоненціальних систем масового обслуговування. Харків, Україна: НТУ «ХПІ», 2017.
М. Маталыцкий, и Г. Хацкевич, «Теория вероятности и математическая статистика,» ЛитРес, 2021. [Электронный ресурс] Режим доступу: https://www.litres.ru .
Т. В. Кілочицька, «Еволюція ергодичної теорії,» Наука та наукознавство, № 7 (106), с. 102-115, 2019.
Я. Г. Синай, И. П. Корнфельд, и С. В. Фомин, Эргодическая теория. Москва: Наука, 1980.
В. Б. Копей, Мова програмування Python для інженерів і науковців. Івано-Франківськ, Україна: ІФНТУНГ, 2019.
В. Кельтон, и А. Лоу, Имитационное моделирование. Классика CS. 3-е изд . СПб, РФ: Питер; Киев, Украина: Издательская группа BHV, 2004.
Downloads
-
PDF (Українська)
Downloads: 149
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).