V.D. Zhiryakov1, O.Yu. Perfilov2, P.N. Fedorov3

1 MIREA – Russian Technological University (Moscow, Russia)
2 16th Central research testing institute of communications Ministry of Defense of the Russian Federation
 (Mytishchi, Moscow Region, Russia)
3 Research Center of Military Academy of Communications, (St.-Petersburg, Russia)

A significant increase in the volume of technical information, due to the rapid development of innovative technologies, leads to the need to optimize the training of technical specialists. This problem is also relevant in the training of information security specialists. At the same time, the development of information technologies on the one hand contributes to the increasing digitalization of all aspects of life, and on the other hand leads to the emergence of new threats to information security. In these conditions, the problem of training information security specialists in accordance with the requirements that are caused by modern threats to information security is urgent.

The purpose of the work is to consider one of the approaches to training specialists in the skills of creating scenarios for the implementation of threats to proactively respond to the risks of their implementation.

The analysis of the most common threats is carried out. The scenarios of their implementation and ways of analyzing problems are analyzed, taking into account the circumstances leading to the implementation of different development options.

The results of the work can be used to prepare work programs for training information security specialists.

Zhiryakov V.D., Perfilov O.Yu., Fedorov P.N. Scenario approach skills in training information security specialists. Science Intensive Technologies. 2022. V. 23. № 4. P. 38−45. DOI: https://doi.org/10.18127/j19998465-202204-05 (in Russian)

1. Top ugroz IB v korporativnyh setyah, 2021. https://www.ptsecurity.com/ru-ru/research/analytics/top-ugroz-ib-v-korporativnyh-setyah-2021/ (in Russian).
2. FGOS VO 10.03.01 Informacionnaya bezopasnost'. Utverzhden prikazom Ministerstva nauki i vysshego obrazovaniya Rossijskoj Federacii ot 17 noyabrya 2020 g. N 1427 (in Russian).
3. Professional'nyj standart «Specialist po zashchite informacii v telekommunikacionnyh sistemah i setyah», utverzhdennyj prikazom Ministerstva truda i social'noj zashchity Rossijskoj Federacii ot 3 noyabrya 2016 g. № 608n (zaregistrirovan Ministerstvom yusticii Rossijskoj Federacii 25 noyabrya 2016 g., registracionnyj N 44449) 2. 06.032 (in Russian).
4. Professional'nyj standart «Specialist po bezopasnosti komp'yuternyh sistem i setej», utverzhdennyj prikazom Ministerstva truda i social'noj zashchity Rossijskoj Federacii ot 1 noyabrya 2016 g. № 598n (zaregistrirovan Ministerstvom yusticii Rossijskoj Federacii 28 noyabrya 2016 g., registracionnyj N 44464) (in Russian).
5. Professional'nyj standart «Specialist po zashchite informacii v avtomatizirovannyh sistemah», utverzhdennyj prikazom Ministerstva truda i social'noj zashchity Rossijskoj Federacii ot 15 sentyabrya 2016 g. № 522n (zaregistrirovan Ministerstvom yusticii Rossijskoj Federacii 28 sentyabrya 2016 g., registracionnyj N 43857) (in Russian).
6. Professional'nyj standart «Specialist po tekhnicheskoj zashchite informacii», utverzhdennyj prikazom Ministerstva truda i social'noj zashchity Rossijskoj Federacii ot 1 noyabrya 2016 g. № 599n (zaregistrirovan Ministerstvom yusticii Rossijskoj Federacii 25 noyabrya 2016 g., registracionnyj N 44443) (in Russian).
7. FGOS VO – specialitet po special'nosti 10.05.03 informacionnaya bezopasnost' avtomatizirovannyh sistem (in Russian).
8. Kuznecov D. Modelirovanie ugroz na osnove scenariev, ili Kak Cyber Kill Chain i ATT&CK pomogayut analizirovat' ugrozy IB. https://safe-surf.ru/specialists/article/5247/626649/ (in Russian).
9. GOST R ISO/MEK 27007:2014 Informacionnaya tekhnologiya. Metody i sredstva obespecheniya bezopasnosti. Rukovodstvo po auditu sistem menedzhmenta informacionnoj bezopasnosti (in Russian).