|A TECHNIQUE FOR EVALUATION OF INFORMATION PROTECTION LEVEL (Continue4)
If to assume, that the threats agent has unlimited at cost of means to potentials, also it is possible to assume, that with such potential it is possible to achieve that the information security of in any IT system can be broken with probability close to unit or, speaking in other words, to result value of criterion function (220.127.116.11) in zero.
Let for some IT system we have generated such model of threats with the help of rational threats distribution algorithm on elements of system (18.104.22.168.1) and choosing any threats implementation means real-life, at which the value of function (22.214.171.124) is reduced to zero. Then, the level of threats by represented such model of threats for the given system will be critical for the given system, and potential of an attack for implementation of such threats model as the threats agent we shall name in critical potential of an attack for the given system with cost Ccap, calculated by the formula (126.96.36.199.1). It is necessary to note, that in real situations not always for some given system it is possible to choose threats implementation means from accessible means, which could ensure critical potential of an attack for this system, though for an estimation of system the information on a set of such means and their cost is important. Also it is necessary to note, that we are interested not in itself with critical potential of the threats agent, as such potentials can be indefinite much, and rational critical potential of an attack. Rational critical potentials of an attack also there can be a set, but all of them are characterized by that require of the threats agent of the minimal expenses on threats implementation means. In other words, at formation of rational threats model, which gives a critical level of threats for the given system, it is necessary to determine rational critical potential of an attack ensuring set of threats implementation means with minimal integrated cost Cap. Further, speaking about models of threats, which gives a critical level of threats for the given system, by maintenance of a set of threats implementation means with minimal integrated cost, we shall mean it rational critical model of threats.
Having determined rational critical model of threats, it is possible to determine some intermediate levels of threats necessary for an assessment of works of system at the various assumptions of its use, various security policies (organization, security functions, target of evaluation) and accordingly at various system functioning modes.
At definition of rational critical model of threats we should consider all possible modes of system operations and all possible variants of its construction in view of possible policies and assumptions of safe use of system. The implementation of such threats model at all set forth above cases of system use should result in the item of information of criterion function value (188.8.131.52) to zero for all modes of functioning of system in the given script of system use. Thus, having generated rational critical threats model, we should receive a complete rational set of threats implementation means necessary for infringement of the information security in system with probability close to 1, possible times of influences of threats implementation means for system elements, and also concrete orders of threats implementation means distribution for each variant of construction of system from time to time influence of means on elements of system.
The generated rational critical model of threats for the given system is a basis for formation of base threats model for this system. The base threats model is formed of a complete rational set of threats implementation means to rational critical model of threats, or with the help of a choice of those means, which are most probable for environment of system use (environment, where the statistics of these means use) is known, or with the help of a choice of those means, which use will result in the value given by us beforehand, or interval of value of criterion function (184.108.40.206). The base model of threats corresponds to an average level of threats or average potential of an attack.
Proceeding from above, it is possible to note, that the sets of means of realization of threats from a complete rational set of means criterion functions, resulting in value (220.127.116.11) large, than those which concern to base model of threats, there correspond models of threats with a low level of threats or low potential of an attack. Then, sets of threats implementation means from a complete rational set of means criterion functions, resulting in value (18.104.22.168) smaller, than those which concern to base model of threats, there correspond models of threats with a high level of threats or high potential of an attack.
|Последнее обновление ( 15.07.2014 г. )