Assessment of probabilities of computer attacks based on function
- Source: Bezopasnostʹ Informacionnyh Tehnologij, Vol 27, Iss 2, Pp 86-96 (2020)
- Publication Year: 2020
- Publisher: National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), 2020.
Abstract

An objective assessment of the level of protection that an appropriate information security system (ISS) provides for an organization's information system (IS), both at the design stage and at the operation stage, is possible using estimates of the current and predicted probabilities of computer attacks by an intruder against this IS that use vulnerabilities of the ISS. To assess the probability of a computer attack by an intruder, this study proposes using an expected utility function, modernized to take into account the characteristics of crimes of this type in the computer sphere. The function takes into account the key criteria for the possibility of a computer attack (the intruder's criteria for choosing the object of the attack, the stages and methods of implementing an attack, the methods of obtaining information about the object, and the skills of the intruder) and the expected utility of the attack (the offender's motives, the offender's state before the computer attack, in particular his income, and the principles by which the intruder decides to conduct, continue or terminate a computer attack). The proposed solution is based on provisions of criminological theory, which state that an intruder carries out an attack when it is possible to carry out the attack and, at the same time, the expected utility of the attack from the offender's point of view is sufficient. It is demonstrated that the selected utility function adequately describes the relationship between the probability of a computer attack and the key attack criteria.

An analysis of the modernized utility function showed that: 1) ceteris paribus, the value of the expected utility for an offender prone to risk is determined by the probability of being exposed (which is equivalent to the likelihood of an inconspicuous computer attack), and for an offender not prone to risk by the severity of the punishment, so a differentiated protection system must be built depending on the type of intruder; 2) the number of potential violators can be significantly reduced by increasing income from the legal activities of security experts; 3) the number of computer attacks over a given period of time depends on the probability of an inconspicuous computer attack, the severity of the punishment, and the presence and magnitude of alternative income (benefits).
- Subjects: lcsh:T58.5-58.64; lcsh:Information technology; Computer science; lcsh:Information theory; General Medicine; Function (mathematics); Attack; lcsh:Q350-390; Algorithm; information system, information security, computer attack, intruder, probability of threats, expected utility, computer attack, expected utility function, key attack criteria of computer attack, criminology theory
- ISSN: 20747136 and 20747128
- Volume: 27
- Database: OpenAIRE
- Journal: Bezopasnost informacionnyh tehnology
- Accession number: edsair.doi.dedup.....737ce408922b61508384e7662fb93eff
- Full Text: https://doi.org/10.26583/bit.2020.2.07