Modeling the recovery of the effective activity of the information security incident response team in conditions of increasing intensity of cyber-attacks
Recently, the number of cases of using cyberspace for cyberattacks on individuals, social groups, and society as a whole has been growing rapidly. Such attacks are characterized by the fact that their intensity increases during the attack. As a result, new conditions are created for the activities o...
Date: | 2021 |
---|---|
Main authors: | Дьогтєва, І. О.; Шиян, А. А.; Катаєв, В. С. |
Format: | Article |
Language: | Ukrainian |
Published: | Інститут проблем реєстрації інформації НАН України, 2021 |
Keywords: | cyber-attack, information security incident, response team, increasing intensity, recovery process |
Online access: | http://drsp.ipri.kiev.ua/article/view/265720 |
Journal title: | Data Recording, Storage & Processing |
Institution
Data Recording, Storage & Processing
id |
drspiprikievua-article-265720 |
---|---|
record_format |
ojs |
institution |
Data Recording, Storage & Processing |
baseUrl_str |
|
datestamp_date |
2022-10-17T01:19:25Z |
collection |
OJS |
language |
Ukrainian |
topic |
cyber-attack, information security incident, response team, increasing intensity, recovery process |
topic_facet |
cyber-attack, information security incident, response team, increasing intensity, recovery process |
format |
Article |
author |
Дьогтєва, І. О. Шиян, А. А. Катаєв, В. С. |
title |
Modeling the recovery of the effective activity of the information security incident response team in conditions of increasing intensity of cyber-attacks |
title_alt |
Моделювання відновлення ефективної діяльності групи реагування на інциденти інформаційної безпеки в умовах наростання інтенсивності кібератак |
description |
Recently, the number of cases of cyberspace being used for cyberattacks on individuals, social groups, and society as a whole has been growing rapidly. A characteristic feature of such attacks is that their intensity increases during the attack. As a result, new conditions arise for the activities of information security incident response teams (ISIRT). However, the effectiveness of an ISIRT that operates over a long period of time decreases for a number of reasons, in particular the fatigue of specialists. The study models the operation of the ISIRT under conditions of increasing intensity of cyber-attacks, taking into account the influence of parameters and characteristics of their recovery, which is necessary for the effective functioning of this team. The recovery function of the Poisson flow and its recovery density were obtained, and formulas were proposed for the recovery functions of the flow of served and lost applications for the process of recovery of the ISIRT during cyber-attacks. The distinctive feature of the model built for the research is that it takes into account the parameter of increasing intensity of identification of information security events. Simulation modeling of the activity of the ISIRT was carried out, which showed that indicators of changes in the effectiveness of their activities in the process of countering cyberattacks with increasing intensity can be predicted using the obtained results. The work of the ISIRT in conditions of increasing intensity of cyber-attacks, taking into account the need to recover the effective work of specialists, differs significantly from work without taking recovery into account. In the absence of recovery, work efficiency decreases due to the loss of the ability to process a number of events in the process of countering cyber-attacks. Based on the results of the proposed model, a method has been developed to increase the effectiveness of the ISIRT in countering cyberattacks with increasing intensity. The obtained results make it possible to develop a system of measures that will significantly increase the effectiveness of countering cyberattacks with increasing intensity through the management of the staff of the ISIRT and the use of teams with sufficient countermeasures. |
publisher |
Інститут проблем реєстрації інформації НАН України |
publishDate |
2021 |
url |
http://drsp.ipri.kiev.ua/article/view/265720 |
first_indexed |
2025-07-17T10:58:41Z |
last_indexed |
2025-07-17T10:58:41Z |
spelling |
drspiprikievua-article-265720 2022-10-17T01:19:25Z Інститут проблем реєстрації інформації НАН України 2021-12-28 Article application/pdf http://drsp.ipri.kiev.ua/article/view/265720 10.35681/1560-9189.2021.23.4.265720 Data Recording, Storage & Processing; Vol. 23 No. 4 (2021); 47-57 1560-9189 uk http://drsp.ipri.kiev.ua/article/view/265720/261784 Copyright (c) 2021 Data Recording, Storage & Processing |