TY - GEN

T1 - The models separation of access rights of users to critical documents of information system as factor of reduce impact of successful social engineering attacks

AU - Khlobystova, Anastasiia

AU - Abramov, Maxim

N1 - Publisher Copyright: © 2020 CEUR-WS. All rights reserved.

PY - 2020

Y1 - 2020

N2 - Problem of protection information systems from multi-step social engineering attacks is still valid for a long time. However, there are a number of unresolved issues, associated with study in this field. One of them is correctly selection configuration of access rights distribution of the organization's employees to critical documents of the information system. Namely, such a model of distribution of access rights should be chosen, which would help to reduce impact of successful social engineering attacks. To achieve this goal, two different configuration of access rights of users to critical documents of information system were considered in this study. In addition, probabilistic estimates of success multi-step social engineering attack implementation by malefactor were presented. Note that the obtained probabilistic estimates are a hybrid model of a linguistic fuzzy variable due to the parameters included in these estimates. From a theoretical standpoint, the study contributes to the development of fuzzy hybrid computing models. In addition, the results can be applied practically in the design of decision support systems in the information security field. The global applicability of the presented results is seen in the development of information systems diagnostics in terms of security against social engineering attacks.

AB - Problem of protection information systems from multi-step social engineering attacks is still valid for a long time. However, there are a number of unresolved issues, associated with study in this field. One of them is correctly selection configuration of access rights distribution of the organization's employees to critical documents of the information system. Namely, such a model of distribution of access rights should be chosen, which would help to reduce impact of successful social engineering attacks. To achieve this goal, two different configuration of access rights of users to critical documents of information system were considered in this study. In addition, probabilistic estimates of success multi-step social engineering attack implementation by malefactor were presented. Note that the obtained probabilistic estimates are a hybrid model of a linguistic fuzzy variable due to the parameters included in these estimates. From a theoretical standpoint, the study contributes to the development of fuzzy hybrid computing models. In addition, the results can be applied practically in the design of decision support systems in the information security field. The global applicability of the presented results is seen in the development of information systems diagnostics in terms of security against social engineering attacks.

KW - Access rights

KW - Critical document

KW - Fuzzy hybrid computing

KW - Hybrid model

KW - Information security

KW - It is possible to make suppose

KW - Multi-step social engineering attack

KW - Social engineering

KW - That multi-step social engineering attacks can cause significantly more damage than direct (one-way) attacks. In addition

KW - The necessary changes. Against this backdrop

UR - http://www.scopus.com/inward/record.url?scp=85099014496&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85099014496

T3 - CEUR Workshop Proceedings

SP - 264

EP - 268

BT - Russian Advances in Fuzzy Systems and Soft Computing: selected contributions to the 8-th International Conference on Fuzzy Systems, Soft Computing and Intelligent Technologies (FSSCIT-2020)

T2 - Russian Advances in Fuzzy Systems and Soft Computing: Selected Contributions to the 8th International Conference on "Fuzzy Systems, Soft Soft Computing and Intelligent Technologies",FSSCIT 2020

Y2 - 29 June 2020 through 1 July 2020

ER -