Graphoanalytic model of the process of eliminating the consequences of computer attacks and responding to computer incidents
Abstract
Incoming article date: 15.03.2022

The most important task of the theory and practice of information security is to analyze how the subsystem for responding to computer incidents and eliminating the consequences of computer attacks functions within the information protection system of automated special-purpose systems while an attacker conducts computer attacks on the protected information resource, service or network. This analysis involves modeling the response process. A generalized model of the process of eliminating the consequences of computer attacks and responding to computer incidents is presented in the form of a directed graph, where the vertices correspond to the states of the subsystem and the arcs correspond to transitions from state to state. Describing the functioning of the subsystem in the state space makes it possible to simulate the process of responding to computer incidents and eliminating the consequences of computer attacks, to evaluate generalized indicators of the time the subsystem spends in various states, and to manage the response process promptly by changing the controlled parameters of the model. The model takes into account many types of computer attacks and many strategies for managing information security tools in the process of eliminating the consequences of computer attacks. It is the theoretical basis for developing a methodological apparatus for analyzing, evaluating and prioritizing the processing of computer incidents, as well as for studying the dynamic management of the computer incident response subsystem in order to increase the efficiency of its functioning. The proposed model makes it possible to apply both empirical values of the execution time of the response and counteraction subprocesses, obtained from measurements or modeling, and the theoretical basis for modeling how information security tools counteract computer attacks of various types.
Keywords: automated special purpose system, simulation, information security system, information security tools, computer incident, computer attack, system status