
Authors

Kirov Aleksei D.

Degree: Assistant, Applied Informatics and Information Security Department, Plekhanov Russian University of Economics
E-mail: Kirov.AD@rea.ru
Location: Moscow, Russia
Articles

Development of models for the automated formation of competencies of a cybersecurity specialist based on a scenario approach

The work develops models for the automated formation of the competencies of a cybersecurity specialist based on a scenario approach. Its relevance stems from the need to update the requirements for a cybersecurity specialist's professional competencies in a timely manner as the methods and tools of information warfare develop, and from the lack of a theoretical apparatus that would allow this process to be automated. The purpose of the work is to develop models that analyze information about the actions of a cybersecurity violator and, based on this information, determine the current set of professional competencies of a cybersecurity specialist. The task consists of developing a model of the actions of a cybersecurity violator and an associated model of a countermeasure system that determines the current set of competencies of a cybersecurity specialist. In contrast to existing expert approaches to determining the professional competence model of a cybersecurity specialist, this paper uses a scenario approach that describes the scenarios of a violator's actions at a formalized level, integrates the resulting data into a corresponding graph model, and forms an activity-based professional model of a cybersecurity specialist by optimizing the structure of the countermeasure system. The set of developed models takes into account many factors of information confrontation, such as the techniques and tactics of cybersecurity violators and the corresponding methods and tools of counteraction. The proposed approach structures the countermeasure system as a set of interrelated modules, based on the results of analyzing attack scenarios and the techniques and corresponding tactics used by the cybersecurity violator. This makes it possible to take into account the features of the attacks that are implemented most often and to form a set of professional actions of a cybersecurity specialist based on the use of appropriate methods and tools for countering these techniques, grouped by functional modules. Analysis of the results of a computer experiment showed the operability of the proposed models.

Method of two-stage cybersecurity incidents fuzzy clustering for economic entities

The work aims to improve the efficiency of cybersecurity (CS) management of economic entities (SED) by organizing effective CS monitoring. It takes into account features of the monitoring process such as the heterogeneity of the sources of initial CS monitoring data, their presentation in different data formats, their inaccuracy and, to a large extent, their uncertainty and noisiness, as well as the large number of CS events processed by heterogeneous components of the SED CS monitoring system. In contrast to existing methods, the paper proposes a complex two-stage method for fuzzy clustering of CS events that takes into account the assessment of the criticality of CS events and the functionality of the SED CS monitoring system. At the first stage, a CS event clustering model based on the fuzzy c-means method is used. This model splits the set of CS events into several fuzzy clusters according to the a priori probability that a CS event is an incident. At the second stage, to refine the clustering results obtained at the first stage, a CS incident clustering model based on extracting the α-kernels of fuzzy clusters is used. This model allows the thresholds for the degree of membership of CS incidents in fuzzy clusters to be selected manually, taking into account additional information and the specifics of processing CS incidents in the CS monitoring system of a particular SED. The paper evaluates the effectiveness of the two-stage method of fuzzy clustering of CS incidents in the SED CS monitoring system. The proposed approach makes it possible to increase the efficiency of SED CS monitoring and to reduce the time required to make SED CS management decisions through comprehensive consideration of the features of CS event processing in the SED CS monitoring system.