Information security violator model with general and specialized information

Abstract

User violator model is a collection of data that is used to analyze upcoming threats for our system. These models mostly focus on threats that are related to poorly-trained personnel, competitors that are willing to resort to industrial espionage and all sorts of hackers. User violator model can incorporate information about other non-human threats that can directly affect the actions of the violator. User violator model can contain information about threats for system itself and threats for information that is processed within the system or even a certain aspect of such information. While it is impossible to predict all attacks with absolute certainty, it is still convenient to have at least some insight into violator’s plans. User violator model is also used for reaction planning and system/information recovery planning. Design of user violator models requires specific knowledge about both – the violators and the system. This work is dedicated to processing information about violator within the model in a way that will make it usable in other models. In this article recommendations for design of the violator model with information that differs by level of specialization  are presented. Information of a higher (more generalized) level can be easily transferred to other models (or from current version of the model to the next one) whereas more specialized information is used for quantitative estimations of losses from performed attacks. Various levels of detailing of information about violator correspond to various sets of security mechanisms (“many to one” relation for the level of organization, “one to one” relation for the level of branch, “one to many” relation for the level of current version of the system). Violator model that is designed in accordance to these recommendations allows to account for violator’s control over attack and attacks’ target priority.