Modeling the recovery of the effective activity of the information security incident response team in conditions of increasing intensity of cyber-attacks

Bibliographic Details
Date: 2021
Main Authors: Дьогтєва, І. О., Шиян, А. А., Катаєв, В. С.
Format: Article
Language: Ukrainian
Published: Інститут проблем реєстрації інформації НАН України 2021
Online Access: http://drsp.ipri.kiev.ua/article/view/265720
Journal Title: Data Recording, Storage & Processing

Description
Summary: Recently, the number of cases of using cyberspace for cyberattacks on individuals, social groups, and society as a whole has been growing rapidly. Such attacks are characterized by the fact that their intensity increases during the attack. As a result, new conditions are created for the activities of information security incident response teams (ISIRT). However, the effectiveness of the activities of the ISIRT, when carried out over a long period of time, decreases for a number of reasons, in particular the fatigue of specialists. The study simulates the peculiarities of the operation of the ISIRT under conditions of increasing intensity of cyber-attacks, taking into account the influence of parameters and characteristics of their recovery, which is necessary for the effective functioning of this team. The recovery function of the Poisson flow and its recovery density were obtained, and formulas for the recovery functions of the flow of served and lost applications for the process of recovery of the ISIRT during cyber-attacks were proposed. The distinctive feature of the model built for the research is that it takes into account the parameter of increasing intensity of identification of information security events. Simulation modeling of the activity of the ISIRT was carried out, which showed that indicators of changes in the effectiveness of its activities in the process of countering cyberattacks with increasing intensity can be predicted using the obtained results. The work of the ISIRT in conditions of increasing intensity of cyber-attacks, taking into account the need to recover the effective work of specialists, differs significantly from work without taking recovery into account. In the absence of recovery, there is a decrease in work efficiency due to the loss of the ability to process a number of events in the process of countering cyber-attacks.
Based on the results of the proposed model, a method has been developed to increase the effectiveness of the ISIRT in countering cyberattacks with increasing intensity. The obtained results make it possible to develop a system of measures that will significantly increase the effectiveness of countering cyberattacks with increasing intensity through the management of the staff of the ISIRT and the use of teams with sufficient countermeasures.