
Protection of information

Building a model of the intruder.

There has not been, and still is not, a clear methodology for quantifying the extent of risk. This is due primarily to the lack of sufficient statistical data about the likelihood of a threat. As a result, qualitative assessment of information risks is the most widely used approach.

The intruder model is a description of the types of intruders who, intentionally or accidentally, by act or omission, may cause damage to the information system. Most often they are divided broadly into external and internal intruders (categories A and B, respectively). However, such a division is not sufficient, so these categories are further divided into subcategories. For example, external intruders include the following groups: customers, who can cause damage deliberately or through ignorance; contractors hired to perform some work (who, in turn, can also commit both intentional and unintentional violations); skilled hackers; and so on. Internal intruders are divided into those who cause damage intentionally and those who cause it unintentionally; in addition, this category can be subdivided on the basis of the privileges assigned in the information system.

Hazard identification

Risk management requires identifying the possible dangers that threaten the information system under review.
Identification is carried out on the basis of expert opinion, because quantitative assessment of the probability of threats is difficult owing to the relative novelty of information technology and, as a consequence, the lack of sufficient statistical data.
The following mechanisms for the implementation of threats were thus identified:

  • SQL injection attacks;
  • Cross-site scripting (XSS) attacks;
  • Escalation of the attacker's privileges in the system as a result of a buffer overflow in the OS or DBMS;
  • Creation of a storm of network packets directed at the web server;
  • Formation of malformed packets directed at the web server that cause the service to crash.

Our work takes all possible risks into account in order to prevent losses.
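An added example, not part of the original page: a qualitative assessment that combines the intruder model (categories A and B) with the threat mechanisms listed above, using the median of expert opinions instead of statistical probabilities. The three-level scale, the risk thresholds, the "internal administrator" subcategory and all expert answers are assumptions constructed for illustration.

```python
from statistics import median_low

LEVELS = ("low", "medium", "high")  # assumed ordinal scale for expert answers

# Intruder model from the text: category A = external, B = internal.
# "internal administrator" is a hypothetical privilege-based subcategory.
INTRUDERS = {
    "customer": "A",
    "contractor": "A",
    "skilled hacker": "A",
    "internal administrator": "B",
}

# Constructed expert answers: (intruder, mechanism) -> [(likelihood, impact), ...]
EXPERT_RATINGS = {
    ("skilled hacker", "SQL injection"):
        [("high", "high"), ("medium", "high"), ("high", "high")],
    ("customer", "cross-site scripting"):
        [("medium", "medium"), ("low", "medium"), ("medium", "high")],
    ("skilled hacker", "packet storm against the web server"):
        [("medium", "medium"), ("medium", "high"), ("low", "medium")],
    ("internal administrator", "privilege escalation via buffer overflow"):
        [("low", "high"), ("low", "high"), ("medium", "high")],
    ("contractor", "malformed packets crashing the service"):
        [("low", "medium"), ("low", "low"), ("medium", "medium")],
}

def consensus(answers):
    """Median of ordinal answers; median_low never invents an in-between level."""
    return LEVELS[median_low([LEVELS.index(a) for a in answers])]

def risk_level(likelihood, impact):
    """Assumed qualitative matrix: sum of the two ordinal ranks (0..4)."""
    score = LEVELS.index(likelihood) + LEVELS.index(impact)
    return "low" if score <= 1 else "medium" if score == 2 else "high"

def assess(ratings):
    """Return (risk, category, intruder, mechanism) rows, highest risk first."""
    rows = []
    for (intruder, mechanism), answers in ratings.items():
        likelihood = consensus([a[0] for a in answers])
        impact = consensus([a[1] for a in answers])
        rows.append((risk_level(likelihood, impact),
                     INTRUDERS[intruder], intruder, mechanism))
    # sorted() is stable, so equal risks keep their input order
    return sorted(rows, key=lambda r: -LEVELS.index(r[0]))

if __name__ == "__main__":
    for row in assess(EXPERT_RATINGS):
        print("%-6s category %s  %-22s %s" % row)
```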

     
