Москва
+7-929-527-81-33
Вологда
+7-921-234-45-78
Вопрос юристу онлайн Юридическая компания ЛЕГАС Вконтакте

The informal intruder model

Обновлено 23.01.2024 06:33

 

A violator is a person who has attempted to perform prohibited operations (actions) by mistake, ignorance or consciously with malicious intent (out of selfish interests) or without it (for the sake of play or pleasure, for the purpose of self-affirmation, etc.) and uses various possibilities, methods and means for this.

An attacker is a violator who intentionally commits a violation for selfish reasons.

The informal model of the violator reflects his practical and theoretical capabilities, a priori knowledge, time and place of action, etc. By investigating the causes of violations, you can either influence these causes themselves, or more precisely determine the requirements for a system of protection against this type of violations or crimes.

In each specific case, based on a specific information processing technology, a model of the violator can be determined, which should be adequate to the real violator for this system.

An informal intruder model is developed when designing a security system and evaluating the security of information.

When developing the violator model

, the following assumptions are determined about the categories of persons to which the violator may belong;

assumptions about the motives of the violator's actions (the goals pursued by the violator);

assumptions about the violator's qualifications and technical equipment (about the methods and means used to commit the violation);

limitations and assumptions about the nature of possible actions of violators.

In relation to the system, violators can be internal (from among the system staff) or external (outsiders). Practice shows that internal violators account for more than 2/3 of the total number of violations.

An internal violator may be a person from the following categories of personnel:

managers of various levels of the official hierarchy.

users of the system;

employees of software development and maintenance departments;

technical equipment maintenance personnel;

technical staff servicing buildings (cleaners, electricians, plumbers, etc.);

security staff.

Unauthorized persons who may be violators:

visitors;

customers;

representatives of organizations interacting on issues of ensuring the vital activity of the organization (energy supply, water supply, heat supply, etc.);

representatives of competing organizations (foreign special services) or persons acting on their instructions;

persons who accidentally or intentionally violated the access control (without the purpose of violating security);

any persons outside the controlled territory.

There are three main motives for violations: irresponsibility, self-assertion and self-interest.

In case of violations caused by irresponsibility, the user purposefully or accidentally performs any destructive actions, however unrelated to malicious intent. In most cases, this is the result of incompetence or negligence.

Classification of violators

By the level of knowledge about the system:

1) knowledge of functional features, basic patterns of formation in the system of data arrays and query flows to them, the ability to use standard tools;

2) having a high level of knowledge and experience working with the technical means of the system, as well as experience in their maintenance; 3) having a high level of knowledge in the field of programming and computer technology, design and operation of automated information systems;

4) knowledge of the structure, functions and mechanisms of action of protective equipment, their strengths and weaknesses.

According to the level of capabilities:

The first level determines the lowest level of dialogue capabilities: launching tasks (programs) from a fixed set that implement predefined information processing functions.

The second level determines the possibility of creating and running your own programs with new information processing functions.

The third level determines the ability to control the functioning of the system, i.e. the impact on the basic software of the system and on the composition and configuration of its equipment.

The fourth level determines the full scope of capabilities of persons engaged in the design, implementation and repair of technical means of the system, up to the inclusion of their own technical means with new information processing functions.

The classification is hierarchical, i.e. each next level includes the functionality of the previous one.

At his level, the offender is a highly qualified specialist, knows everything about the information system, in particular, about the system and its means of protection.

The classification according to the level of capabilities is given in the guidance document of the State Technical Commission "The concept of protection of computer equipment and automated systems from unauthorized access to information" in the section "Intruder model in an automated system".

By time of action:

during operation (during operation of the system components);

during the period of inactivity of the system components (during non-working hours, during scheduled breaks in its operation, breaks for maintenance and repair, etc.);

both during operation and during the period of inactivity of the system components.

At the place of action:

without access to the controlled territory of the organization;

from a controlled area without access to buildings and structures;

indoors, but without access to technical facilities;

from the workplaces of end users (operators);

with access to the data zone (databases, archives, etc.);

with access to the security management zone.

Determining the specific characteristics of possible violators is largely subjective. The intruder's model, built taking into account the specifics of a specific subject area and information processing technology, can be represented by listing several variants of his appearance. Each type of intruder must be identified using the characteristics given above.