The main directions and methods of threat implementation
The main directions of the attacker's implementation of information threats include:
direct access to access objects;
creation of software and hardware tools that access access objects bypassing security measures;
modification of security tools to implement threats to information security;
the introduction of software or technical mechanisms into technical means that violate the intended structure and functions of the system.
The main methods of implementing information security threats include:
determining the type and parameters of media by an attacker;
obtaining information by an attacker about the software and hardware environment, the type and parameters of computer equipment, the type and version of the operating system, and the composition of the application software;
obtaining detailed information by an attacker about the functions performed by the system;
obtaining data about the security systems used by an attacker;
defining the way information is presented;
the attacker determines the content of the data processed in the system at a qualitative level (used for monitoring and decryption of messages);
theft (copying) of machine media containing confidential data;
the use of special technical means to intercept spurious electromagnetic radiation and interference (PEMIN);
destruction of computer equipment and media;
unauthorized user access to system resources bypassing or by overcoming protection systems using special tools, techniques, methods;
unauthorized abuse of the user's authority;
unauthorized copying of the software;
interception of data transmitted over communication channels;
visual observation;
disclosure of information presentation (data decryption);
disclosure of information content at the semantic level;
destruction of media;
unauthorized changes by the user to the software and hardware components of the system and the processed data;
installation and use of non-standard hardware and/or software;
infection with software viruses;
distortion of data representation, destruction of data at the presentation level, distortion of information during transmission over communication lines;
The introduction of disinformation;
disabling information carriers without destruction;
the manifestation of errors in the design and development of hardware and software components;
distortion of the correspondence of syntactic and semantic constructions of the language;
prohibition on the use of information.
The listed methods of threat implementation cover all levels of information presentation.
