Building a model of infringer

By a model of infringer one means a set of assumptions about the specific (restricted) tools of the infringer, which the latter can use to conduct attacks. The infringer model is an important part of the organization's information security. One should realize that ignoring the model, or building it without due care, can seriously affect the security of confidential information and lead to its loss. The infringer model is informal, which implies the absence of strict and unambiguous methodology for developing such a model. There exist many academic and technical publications proposing various methods of classifying violators.  Meanwhile, many information security practitioners are forced to create their own normative and methodological documents, because existing models do not necessarily capture all the aspects of the organization's work. Despite the fact that many models have a high level of correlation between classification characteristics, it has not been possible to work out a unified model so far. We attempt to develop our own methodology for building the infringer model. We have started this project by outlining the roadmap: (1) study the existing methods of constructing the infringer model; (2) identify shortcomings of existing methods; (3) develop a model of the infringer and a methodology for listing the most likely violators, with taking into account the identified shortcomings. In the process of implementation of the plan, we have analyzed several existing models of infringer and revealed their shortcomings and inherent difficulties. In the developed model, causal relationships between the elements of the model and the chains of the alleged consequences have been constructed, and possible types of alleged violators have been described and ranked. As a result, our model allows one to create a more deep description of the infringer