PSYCHOLOGICAL ASPECTS OF INFORMATION SECURITY ESTIMATES IN THE CONTEXT OF SOCIO-ENGINEERING ATTACKS

Complex corporate information systems are widely distributed in the modern world. Development, support and protection of similar systems require a significant amount of time and resources, besides only highly skilled experts can be engaged in similar systems. Information stored in such information systems has a huge value for the companies owing these systems; therefore, considerable efforts are spent to protect them from various threats. The purpose of this article is the combination of an indistinct and likelihood approach to an assessment of user immunity against ill minded attacks; rather elementary («one movement») actions aimed at «elementary» vulnerabilities of the user are considered. Influence on these vulnerabilities directly leads to some user's response.

1. Azarov A.A., Tulupeva T.V., Filchenkov A.A., Tulup'ev A.L. Veroyatnostno-relyatsionnyi podkhod k predstavleniyu modeli kompleksa «Informatsionnaya sistema – personal – kritichnye dokumenty» [Probabilistic relational approach to presenting complex model of "Information system – staff – critical documents"]. Trudy SPIIRAN [SPIIRAS proceedings]. 2012. N 1. Pp. 57–71. (In Russ.)

2. Granovskaya R.M. Elementy prakticheskoi psikhologii [Elements of applied psychology]. SanktPeterburg. 2003. 560 p. (In Russ.)

3. Granovskaya R.M., Nikol'skaya I.M. Zashchita lichnosti: psikhologicheskie mekhanizmy [Identity protection: psychological mechanisms]. Sankt-Peterburg. 1999. 507 p. (In Russ.)

4. Vanyushicheva O.Yu., Tulupeva T.V., Pashchenko A.E., Tulupev A.L. Klassifikatsiya psikhologicheskikh osobennostei, sostavlyayushchikh osnovu uyazvimostei pol'zovatelya pri ugroze sotsioinzhenernykh atak [Classification of psychological characteristics that form the basis of user’s vulnerabilities under the threat of social engineering attacks]. Trudy SPIIRAN [SPIIRAS proceedings]. 2011. N 2. Pp. 70–99. (In Russ.)

5. Kuznetsov M., Simdyanov I., Sotsial'naya inzheneriya i sotsial'nye khakery [Social engineering and social hackers]. Sankt-Peterburg. 2007. 368 p. (In Russ.)

6. Mitnik K. D., Saimon V. L. Iskusstvo obmana [The Art of Deception]. Moskva. 2004. 360 p. (In Russ.)

7. Ob informatsii, informatizatsii i zashchite informatsii : federal'nyi zakon ot 10.01.2003 N 15-FZ [On information, informatization and information protection (Federal law of 10.01.2003 N 15-FZ)]. Moskva. 2005. 32 p. (In Russ.)

8. Tulupev A.L., Tulupeva T.V., Grigoreva O.Yu., Azarov A.A. Psikhologicheskie osobennosti personala, predraspolagayushchie k uspeshnoi realizatsii sotsioinzhenernykh atak [Psychological characteristics of staff, predisposing to the successful implementation of social engineering attacks]. Nauchnye trudy Severo-Zapadnogo instituta upravleniya Rossiiskoi akademii narodnogo khozyaistva i gosudarstvennoi sluzhby pri Prezidente Rossiiskoi Federatsii (RANKhiGS) [Scientific works of Northwestern's Institute for Management of the Russian Academy of National Economy and Public Administration under the President of the Russian Federation (RANKhiGS)]. 2012. Vol. 3, issue 3. Pp. 256–266. (In Russ.)

9. Filippov G.G. Opyt klassifikatsii tekhnologii sotsial'nogo manipulirovaniya. Upravlencheskoe konsul'tirovanie [Experience of classifying technologies for social manipulation. Management consulting]. Aktual'nye problemy gosudarstvennogo i munitsipal'nogo upravleniya [Public Administration Issues]. 2011. N 1. Pp. 112–122. (In Russ.)

10. Sheinov V.P. Skrytoe upravlenie chelovekom (psikhologi manipulirovaniya) [Invisible man management (psychologists of manipulation]. Moskva ; Minsk. 2001. 848 p. (In Russ.)