METHOD OF FORMATION OF PARAMETERS AND ASSESSMENT OF THREATS IN SOCIOTECHNICAL SYSTEMS
DOI:
https://doi.org/10.32782/IT/2023-2-1Keywords:
risks, attacks, sociotechnical systems, profiling system, linguistic parameters, expert methods, method of forming parameters of functional responsibilities, information security.Abstract
Today, the level of information attacks, which include the human factor, is increasing significantly. A large part of them is information gathering with the help of phishing and insider attacks, social engineering and other types of cyber attacks. The key problem of effective detection of relevant attacks is that the parameters that can be used to describe certain processes have a large number of difficult to describe concepts, relations and specific features. Also, as an investigation, there is a lack of necessary methods and systems aimed at assessing related threats and risks and identifying relevant attacks. With this in mind, there is an increase in these attacks and the need for threat and risk assessment systems related to the human factor. And the development of appropriate means of forming functional responsibilities for threat assessment is one of the components of this topic, which will allow considering threats in sociotechnical systems from the standpoint of functional responsibilities of the personnel of a certain system is an actual scientific task. Based on this, the goal of the work is to develop a method of forming the parameters of functional duties for the assessment of threats in sociotechnical systems. The article defines the basic structure of the employee’s profile and the key positions of the proposed approach, which include the general characteristics of the employee and the specific component of the profile. And taking into account the basic structure of the profile, parameters reflecting certain functional duties for further assessment of threats in socio-technical systems were formed.
References
2020 Data Breach Investigations Report. URL: https://enterprise.verizon.com /resources/reports/2020-data- breach-investigations-report.pdf (дата звернення: 02.09.2022).
Cisco Annual Cybersecurity Report 2018. URL: https://www.cisco.com /c/dam/m/hu_hu/ campaigns/ security-hub/pdf/acr-2018.pdf (дата звернення: 11.09.2022).
Cisco Annual Cybersecurity Report 2018. URL: https://www.cisco.com/c/dam/m/en_hk/ciscolive/2020-ciso- benchmark-cybersecurity-series.pdf (дата звернення: 11.09.2022).
Систематизований досвід війни: актуальні питання ІТ та кібербезпеки в Україні. European Business Association URL: https://eba.com.ua/systematyzovanyj-dosvid-vijny-aktualni-pytannya-it-ta-kiberbezpeky- v-ukrayini/ (дата звернення: 22.04.2023).
5 актуальних тенденцій у галузі кібербезпеки в 2021 році URL: https://www.kliksolutions.com.ua/ great-info/5-aktualnyh-tendenczij-u-galuzi-kiberbezpeky-v-2021-roczi/ (дата звернення: 22.04.2023).
Кібербезпека у 2021 – чим запам’ятався цей рік? ESET | ESET URL: https://www.eset.com/ua/about/ newsroom/press-releases/malware/itogi-goda-kakim-byl-2021-dlya-kiberbezopasnosti/ (дата звернення: 22.04.2023).
The human factor is key to good security. URL: https://www.computerweekly.com/opinion/The-humanfactor- is-key-to-good-security (дата звернення: 11.09.2021).
David Lacey (2009). Managing the Human Factor in Information Security, How to win over staff and influence business managers, Chichester, John Wiley & Sons Ltd.
Коцюк Ю. А. Роль людського чинника у питаннях захисту інформаційних систем. URL: https:// psj.oa.edu.ua/articles/2012/n20/%D0%9A%D0%BE%D1%86%D1%8E%D0%BA.pdf (дата звернення: 20.09.2021).
Маслова Ю.Ю. Інформаційна безпека і людський фактор. URL: http://webcache.googleusercontent.com/ search?q=cache:XmsbYCGJ78gJ:journals.dut.edu.ua/index.php/dataprotect/article/view/2462/2362+&cd=6& hl=uk&ct=clnk&gl=ua (дата звернення: 20.09.2021).
Ліпкан В. А., Максименко Ю. Є., Желіховський В. М. Інформаційна безпека України в умовах євроінтеграції : навчальний посібник. Київ : КНТ, 2006. 280 с. (Серія: Національна і міжнародна безпека).
Christopher Hadnagy. Social Engineering: The Science of Human Hacking. John Wiley & Sons, 2018. 320 p.
Sharon Conheady. Social Engineering in IT Security: Tools, Tactics, and Techniques: Testing Tools, Tactics & Techniques. McGraw Hill Professional, 2014. 272 p.
Leron Zinatullin. The Psychology of Information Security: Resolving conflicts between security compliance and human behaviour. IT Governance Publishing. 2016. 116 pages.
Serhii Yevseiev, Oleksandr Laptiev, Sergii Lazarenko, Anna Korchenko, Іryna Manzhul / Model the protection of personal data from trust and the amount of information on social networks. Eureka: Physics and Engineering. 2021. Vol.32. №.1. Pp. 24–31.
Корченко О.Г. Побудова систем захисту інформації на нечітких множинах: теорія та практичні рішення. Київ : МК-Прес, 2006. 320 с. 17. Анна Корченко, Методи ідентифікації аномальних станів для систем виявлення вторгнень : монографія, Київ : ЦП «Компринт», 2019. 361 с.
Improved method for the formation of linguistic standards for of intrusion detection systems / Akhemetov Bakhytzhan, Korchenko Anna, Akhmetova Sanzira, Zhumangalieva Nazym. Journal of Theoretical and Applied Information Technology. 2016. Vol.87. №. 2. Pp. 221–232.
Detection environment formation method for anomaly detection systems / Nazym Zhumangaliyeva, Anna Korchenko, Aliya Doszhanova, Aigul Shaikhanova, Shangytbayeva Gulmira Avkurova Zhadyra. Journal of Theoretical and Applied Information Technology. 2019. Vol. 97. № 16. Pp. 4239–4250.
А. Korchenko, V. Breslavskyi, S. Yevseiev, N Zhumangalieva, A. Zvarych, S. Kazmirchuk, O. Kurchenko, О. Laptiev, О. Sievierinov, S. Tkachuk / Development of a method for constructing linguistic standards for multi-criterial assessment of honeypot efficiency. Eastern-European Journal of Enterprise Technologies. 2021. Vol. 109. № 1/2. Pp. 14–23.
