The models separation of access rights of users to critical documents of information system as factor of reduce impact of successful social engineering attacks

Problem of protection information systems from multi-step social engineering attacks is still valid for a long time. However, there are a number of unresolved issues, associated with study in this field. One of them is correctly selection configuration of access rights distribution of the organization's employees to critical documents of the information system. Namely, such a model of distribution of access rights should be chosen, which would help to reduce impact of successful social engineering attacks. To achieve this goal, two different configuration of access rights of users to critical documents of information system were considered in this study. In addition, probabilistic estimates of success multi-step social engineering attack implementation by malefactor were presented. Note that the obtained probabilistic estimates are a hybrid model of a linguistic fuzzy variable due to the parameters included in these estimates. From a theoretical standpoint, the study contributes to the development of fuzzy hybrid computing models. In addition, the results can be applied practically in the design of decision support systems in the information security field. The global applicability of the presented results is seen in the development of information systems diagnostics in terms of security against social engineering attacks.

Original language	English
Title of host publication	Russian Advances in Fuzzy Systems and Soft Computing: selected contributions to the 8-th International Conference on Fuzzy Systems, Soft Computing and Intelligent Technologies (FSSCIT-2020)
Pages	264-268
Number of pages	5
State	Published - 2020
Event	Russian Advances in Fuzzy Systems and Soft Computing: Selected Contributions to the 8th International Conference on "Fuzzy Systems, Soft Soft Computing and Intelligent Technologies",FSSCIT 2020 - Smolensk, Russian Federation Duration: 29 Jun 2020 → 1 Jul 2020

Publication series

Name	CEUR Workshop Proceedings
Publisher	RWTH Aahen University
Volume	2782
ISSN (Print)	1613-0073

Conference

Conference	Russian Advances in Fuzzy Systems and Soft Computing: Selected Contributions to the 8th International Conference on "Fuzzy Systems, Soft Soft Computing and Intelligent Technologies",FSSCIT 2020
Country/Territory	Russian Federation
City	Smolensk
Period	29/06/20 → 1/07/20

Scopus subject areas

Computer Science(all)

Research areas

Access rights, Critical document, Fuzzy hybrid computing, Hybrid model, Information security, It is possible to make suppose, Multi-step social engineering attack, Social engineering, That multi-step social engineering attacks can cause significantly more damage than direct (one-way) attacks. In addition, The necessary changes. Against this backdrop

ID: 87279145