Modeling advanced persistent threats using risk matrix methods

The aim of the study is to assess the security of information systems during an influence of advanced persistent threats. The article shows the need to build a threat model during an analyzing the security of information systems. Various approaches to modeling threats in information systems are considered, their advantages and disadvantages are noted, requirements for the developed methodology are formed. As a result of the study, a method for modeling computer attack scenarios and assessing the security of information systems under the influence of advanced persistent threats is formed, based on the use of risk matrix models. A method for determining categorical variables characterizing the probability and damage as a result of the implementation of information threats using clustering methods is also proposed. The example demonstrates the use of a graph of threat matrices for modeling scenarios of targeted computer attacks on information system assets. The scientific novelty of the work consists in the proposal of a method for analyzing the security of information systems, which takes into account the possibility of changing the probability of the implementation of information threats during the life cycle of an advanced persistent threat, the dependence of information threats and the value of information assets for the intruder and their owner, which makes it possible to predict various scenarios of computer attacks.