Model of security threats arising from the management of information security systems

Authors: Soloviev M. L., Mineeva T. E., Konev A. A., Buintsev D. N.

Annotation: This paper presents a threat model aimed at improving the security level of an information protection system. To build the model, graph theory and business process management theory are used. The developed model includes threats aimed at personnel, technical and regulatory components of the information protection system. The types of threats are formed on the basis of the Deming cycle, which allows to take into account all the significant processes of system management. Taking into account all the significant components and processes of managing the information security system is a significant advantage over existing threat models.

Keywords: security threat model, information protection system, integrity threats, life cycle, management processes, list of information threats