FIELD: physics.
SUBSTANCE: the invention relates to a method for prioritizing information security threats based on data from open sources. In the method, software on a computer that includes a first database (DB 1) associated with that software sends a request to open-source servers to search for reports (Reports) on investigations of the activities of cybercriminals carrying out computer attacks. The reports include information on the sectors of the economy subjected to computer attacks, on the attacker groups, on the tactics, techniques and procedures (TTP) those groups use when attacking the sectors, and on methods of counteracting the TTP used by the groups. The reports found are downloaded and stored in DB 1. The software adds to DB 1 the types of economic activity (TEA) of those sectors, taken from the All-Russian Classifier of Types of Economic Activities (ARCTEA), and associates the TEA of each attacked sector with the corresponding TTP. The software analyzes the reports and selects, for each TEA, the attacker groups and the TTP they use. It then establishes links between the TEA, the attacker group and the TTP that group uses in the corresponding sector. Information on the organizations for which the list of threats (LT) of computer attacks must be profiled is added to DB 1, and each organization is associated with a TEA in DB 1. For each sector, in accordance with its TEA, the software creates a ranked list of current threats of computer attacks, ordered by the frequency of use of the corresponding TTP from the most common to the rarest.
The software then profiles the LT for each organization according to its TEA and determines priority protection measures against the current TTP, in accordance with the methods of counteracting the TTP used by the attacker groups. The profiled list of threats is stored in DB 1, and information security threats are prioritized for each organization.
EFFECT: more accurate determination of personalized threats to information security with respect to a specific organization.
6 cl, 9 dwg
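The linking, ranking and profiling steps described in the abstract can be sketched as follows. This is an added example, not code from the patent: the report records, TEA codes, group names and organizations are constructed placeholders, the use of MITRE ATT&CK ids for TTP and countermeasures is an assumption, and "frequency of use" is taken to mean the number of reports in which a TTP appears for a sector.

```python
from collections import Counter, defaultdict

# Constructed sample data, not taken from the patent or from real reports.
# TEA codes, group names and organizations are placeholders; TTP and
# countermeasure ids follow MITRE ATT&CK numbering (an assumption).
REPORTS = [
    {"tea": "64.19", "group": "Group-A", "ttps": ["T1566", "T1078"]},
    {"tea": "64.19", "group": "Group-B", "ttps": ["T1566", "T1190"]},
    {"tea": "64.19", "group": "Group-A", "ttps": ["T1566", "T1078", "T1486"]},
    {"tea": "35.11", "group": "Group-C", "ttps": ["T1190", "T1078"]},
    {"tea": "35.11", "group": "Group-C", "ttps": ["T1190"]},
]
COUNTERMEASURES = {
    "T1566": "M1017 User Training",
    "T1078": "M1032 Multi-factor Authentication",
    "T1190": "M1051 Update Software",
    "T1486": "M1053 Data Backup",
}
ORGANIZATIONS = {"Example Bank": "64.19", "Example Power Co": "35.11"}

def build_links(reports):
    """Link TEA -> TTP -> groups and count the reports per (TEA, TTP)."""
    freq = defaultdict(Counter)
    groups = defaultdict(lambda: defaultdict(set))
    for report in reports:
        for ttp in set(report["ttps"]):  # one count per report, even if repeated
            freq[report["tea"]][ttp] += 1
            groups[report["tea"]][ttp].add(report["group"])
    return freq, groups

def ranked_threats(freq, tea):
    """TTPs seen for one TEA, most common first; ties ordered by TTP id."""
    return sorted(freq.get(tea, {}).items(), key=lambda kv: (-kv[1], kv[0]))

def profile(org, orgs, freq, groups, measures):
    """Profiled threat list for one organization, highest priority first."""
    tea = orgs[org]
    return [
        {"priority": rank, "ttp": ttp, "reports": count,
         "groups": sorted(groups[tea][ttp]),
         "countermeasure": measures.get(ttp, "none on record")}
        for rank, (ttp, count) in enumerate(ranked_threats(freq, tea), start=1)
    ]

if __name__ == "__main__":
    freq, groups = build_links(REPORTS)
    for org in ORGANIZATIONS:
        print(org)
        for row in profile(org, ORGANIZATIONS, freq, groups, COUNTERMEASURES):
            print("  ", row)
```

Two organizations in different sectors receive differently ordered lists from the same report corpus, which is the personalization the abstract claims as its effect.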
Title | Year | Author | Number |
---|---|---|---|
METHOD FOR SELECTING AND SUBSTANTIATING THE TACTICAL AND TECHNICAL CHARACTERISTICS OF THE PROTECTION SYSTEM AGAINST GROUP HETEROGENEOUS COMPUTER ATTACKS FOR THE MEDIUM TERM | 2020 | | RU2760099C1 |
MULTIFUNCTION SPACE SYSTEM OF AUTOMATED MANAGEMENT AND OPERATIONAL CONTROL (MONITORING) OF CRITICALLY IMPORTANT OBJECTS AND TERRITORIES OF UNION STATE "RUSSIA-BELARUS" | 2006 | | RU2338233C2 |
METHOD OF CONTROLLING PROTECTION SURFACE OF CORPORATE COMMUNICATION NETWORK | 2023 | | RU2824314C1 |
METHOD FOR MONITORING AND MANAGING INFORMATION SECURITY OF MOBILE COMMUNICATION NETWORK | 2020 | | RU2747368C1 |
WARNING OF DANGER IN NEAR-EARTH SPACE AND ON EARTH AND ACS TO THIS END | 2014 | | RU2570009C1 |
METHOD OF ASSESSING STABILITY OF A CYBER PHYSICAL SYSTEM TO COMPUTER ATTACKS | 2019 | | RU2710985C1 |
METHOD AND SYSTEM OF CYBER TRAINING | 2022 | | RU2808388C1 |
ARTIFICIAL INTELLIGENCE BASED COMPUTER SECURITY SYSTEM | 2017 | | RU2750554C2 |
METHOD FOR EARLY DETECTION OF DESTRUCTIVE EFFECTS OF BOTNET ON A COMMUNICATION NETWORK | 2019 | | RU2731467C1 |
METHOD OF DETECTING ANOMALIES ON MULTIPLE SITES FOR ASSESSING THE LEVEL OF SECURITY OF SITES AND A SERVER FOR IMPLEMENTING SAID | 2018 | | RU2724782C1 |
Authors
Dates
2025-01-21—Published
2023-12-08—Filed