Our society, in the center of which is a person and his activities, is a complex dynamic system, which is characterized by many connections, interactions, and relations in different spheres and at different levels. Existence in such a system is impossible without disagreements, confrontations, contradictions, and conflicts.

More and more scientists are turning to theoretical and practical developments in conflict theory. This is connected not only with the problem of studying man as a conflicted creature, but also with the growing tension in various spheres of social interaction of the participants of the organization, the state, and the world.

There is no unequivocal opinion about the concept of “conflict”. In modern literature, there are more than a dozen different definitions of conflict. All of them have the right to exist because each emphasizes one or more characteristics of this multifaceted phenomenon.

For the term “conflict” we come across several synonyms: clash of opposing interests, and views; a sharp dispute; extreme aggravation of contradictions, which leads to complications or acute struggle [ 1 ]. However, contradiction and conflict should not be equated. Contradiction (opposite as its component) is a defining feature of any phenomenon or event. Contradictions turn into conflict if their level increases to a critical limit and at the same time a subject is formed, which will deliberately exacerbate them in its interests [ 2 ].

At the same time, the authors of the study [ 3 ] emphasize that outside the subjects and independently of them there are contradictions, but not conflicts. The concept of conflict is not a fixation, but a qualification of the state of relations in a certain situation, which defines conflict as an assessment of the nature of interaction. Such a definition makes it possible to preserve the name conflict for situations of the opposition of the parties to each other, which are traditionally called conflict, and at the same time to extend this concept to situations of incompatibility of certain elements in the composition of the whole [3, p. 41]. This interpretation will allow us to describe conflicts of various natures, for example, a conflict of immunities, a conflict between software and a security system, and others.

The transition of society to the information age gave rise to innovative conflicts—informational. Modern informational conflicts have significantly transformed on both the micro and macro levels: starting from communication in social networks and ending with cyberespionage, cyberattacks, cyberwars, and involvement of non-state actors in relations in the international arena. With the development of information technologies, the risk of new conflicts that may threaten the integrity, availability, and confidentiality of information increases [ 4–6 ].

The beginning of the discussion of these aspects of the analysis of information conflicts in security systems was presented by us in the study [ 7 ]. The analysis of the literature made it possible to determine the following approaches to the definition of conflicts in security systems: 1. Information conflicts as a part of conflicts in various spheres and industries, since information is a strategic resource, the value of which acquires especially in the process of creation, therefore it needs to be protected. 2. Information conflicts as conflicts in information systems between implemented programs or in telecommunication systems between radio-electronic means and security systems. 3. Cyber conflicts are part of international information conflicts and are most often associated with information wars, cyber espionage, and cyber operations.

It is substantiated that it is advisable to consider the coverage of this problem through the interaction of the planes of the theory of conflict theory and the theory of information and cybernetic security in three perspectives: ● “subject—subject” or “person—person”, possibly “group of people—group of people”, “person—group of people”. ● “subject—object” or “man—machine”. ● “object—object” or “machine—machine”.

Within the scope of this article, it is intended to consider the applied aspects of the theory of conflict theory in information security systems through the interaction of data flows from the perspective of “subject—subject”. In particular, analyze the issues at four levels: 1. Personality level (criminal—user) 2. Business level (internal and/or external offender—company manager) 3. State level (violators/hackers—state institutions, state officials) 4. The level of international relations (states, a group of subjects/hackers—institutions and/or political leaders of another state).

Subject” Information Conflict

Conflict is a very complex system with adaptive structures and evolutionary mechanisms. It is a system made up of interconnected parts that, as a whole, exhibit properties that cannot be easily understood just by disassembling and analyzing the properties of the individual components. A deep understanding of conflicts requires, on the one hand, a systems thinking approach, and on the other, a combination of many social and scientific disciplines [ 8 ]. The analysis of analytical reports and scientific literature confirms the fact that together with the development of hardware and software means of information protection, the number of malicious software that allows one subject (group) to gain unauthorized access to the information resources of another subject (institution) is growing rapidly. As a result of the implementation of such a threat, information protection is violated, and its destruction and/or theft, loss of integrity, availability, and confidentiality are possible. The interaction of these parties is conflictual. The modern theory of researching models of real processes using the mathematical theory of conflict. In this case, we will use the well-known “prey—predator” model, which is based on a system of two first-order ordinary differential equations. The equation was proposed independently by scientists

Alfred James Lotka and Vito Volterra in 1925 and 1926 [ 9 ]. The classical Lotka-Volterra “predator— prey” mathematical model is used in many fields of science and technology due to its successful combination of relatively low complexity and strong nonlinearity. The model has a high degree of universality when describing the behavior of complex systems operating in the mode of selfoscillations [ 10, 11 ]. It should be noted the existence of spot developments for the implementation of this model in the security system [ 12–13 ].

In general, the model looks as follows: { where is the amount of information available to the user and interest to the attacker,

is the amount of information obtained by hacking, is the duration of the process, 1 is the probability that the volume of information of interest to the attacker is well Protected, the information, 2 is the probability that an attacker will obtain 3 is the probability that an attacker will not be able to obtain the information,

4 is the probability that an attacker has sufficient potential to breach the user’s protection.

However, the presented model is of a generalized nature, since this information security system is not isolated from others and is in a complex relationship with them. To bring the model closer to real data, various modifications are used. Thus, work [ 14 ] presents an approach where x and y are vector values:

= ( 1, 2 , . . . , ),

= ( 1, 2 , . . . , ), > 1.

Therefore, the

values x and y can be represented not only by the volume of information but also by other characteristics of the security system.

The model can also be improved by introducing the delay time of the argument t, the value of which is determined by the method of experimental selection.

The next conflict system that can be modeled in security systems is the conflict triad model [ 15 ]. The dynamic model of the conflict triad is a model that is defined by the interaction between three natural substances: the population of a biological species (life), the environment (resource of existence), and negative factors for existence (virus).

Let’s apply the described model to the security system. Let us denote by P, R, Q substances that exist in a common space and interact with each other in a certain way. Then, in the conflict system of the “subject—subject” security system, we get the following subsystems at different levels (see Substances in the conflict triad of information security

The birth of the Internet in 1989 caused a rapid growth of computer equipment, in particular, personal. The use of the World Wide Web led to the creation of new interactions and relationships between people—virtual, the era of digital society began.

Persons, relationships, and social institutions are formed by both software and hardware [ 16 ]. Along with this, where there are new social facts, new habits, new ways to meet, buy, pay, store, protect, and transfer assets, new digital identities, and new systems for gathering information, it is only natural that new crimes appear, related to information technologies [ 17 ].

According to an analytical report [ 18 ] in 2022, the frequency of email attacks has increased to reach 86% of all file-based in-the-wild attacks, Zip files are the most common format for hiding malware, Joker mobile malware, which accesses contact lists by hiding in at least 8 Google Store apps, has been downloaded more than 3 million times, allowing attackers to obtain relevant information. accesses users’ contact lists and sends information to attackers. Every day, the AV-TEST Institute registers more than 450,000 new malicious programs (malware) and potentially unwanted programs (PUAs), in the last year there have been about 70 million malicious programs for Windows, which is 5000 times more than for samples) macOS (where only

about 12,000 and 60 times more than the corresponding system, usually two participants (however, there may be a third person—the customer). The duration of such a conflict is determined by the strength of the defenses and capabilities of the attacker. Table 2 presents the stages of this conflict.

Regulation of this conflict is possible at a latent stage, if the user has a high level of information protection, following the basic rules: password management; use of at least two-factor authentication; use of licensed antivirus programs; control over personal information transmitted over the Internet; avoiding the use of public Wi-Fi networks.

The direction of our research will further be directed to the analysis of possible conflict situations between the head of the company and a subordinate in the context of the existence of an information conflict, which causes a violation of the information protection system.

Information conflict in security systems “subject-subject” at the level of business “internal employee—manager” is defined as the result of an employee’s insider activity, which led to a violation of the security policy in the company’s information system.

Insider activity—directed actions of motivated subjects who have legitimate access to information assets and skills to obtain valuable information, know the vulnerabilities of information systems and business processes, to cause material losses and/or reputational losses of the organization [ 20 ].

As the 2022 Cost of Insider Threats: Global Report reveals, insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million; the cost of credential theft to organizations increased 65% from $2.79 million in 2020 to $4.6 million at present; the time to contain an insider threat incident increased from 77 days to 85 days, leading organizations to spend the most on containment [ 21 ].

The authors [ 22 ] propose to consider the portrait of an insider from the point of view of psychological characteristics and activities: lowclass and high-class insiders. The activities of low-class insiders have been exposed and punished. The profile of such a violator includes the following features: these people do not have high-quality technical education; worked in various positions; are motivated by personal gain and are influenced by emotions; are not aware of the potential negative consequences of their actions; their behavior arouses suspicion on the part of colleagues.

High-class insiders see their malicious mission as their career decision. The portrait of such a violator is high-quality professional abilities, diligence, reliability, leadership, and dedication. Such insiders are very dangerous. The structure and stages of the informational conflict are different for each of these types. The description is presented in Table 3 and Table 4.

It should be noted that an insider can be an external actor, for example, a former employee, whose motive may be revenge for, in his opinion, unfair dismissal from work.

An information conflict is also possible if the insider activity was unintentional, but the loss of the company’s information data occurred. Moreover, the manager learned about this event after this incident. The structure of such a conflict does not contain a latent stage, since the informational conflict has occurred. The stage of the end of the conflict is the punishment of the employee (verbal or written penalty, material penalty, dismissal from work).

The conflict struggle is most often caused by a primitive perception of reality, as if one of the parties is capable of winning, and the other—is defeated. There is some redistribution of the spectral characteristics of the opposing sides in the conflict. The victorious gain in one aspect means inevitable loss, defeat, and loss in another. The essence of the contradiction is transformed and appears again in the future at another level of gradation of the complex structure of interests [ 14 ]. This process is demonstrated by an example of a dismissed employee. Therefore, it is important to understand the problem of conflict prevention. The authors of the study [ 23 ] proposed three approaches to detecting insider threats: ● Sociological, psychological, and organizational. ● Socio-technical. ● Technical.

In our opinion, this will make it possible to stop the informational conflict before the active stage.

The current stage is characterized by the introduction of mixed systems and methods of detecting insider threats [ 20 ]. Scientists are trying to combine two approaches in this direction: ● Psychosocial approach, the basis of which is the analysis of the mental and emotional states of employees, and it is possible to predict the behavior of an insider. ● Continuous monitoring in the network.

A large business has the material resources to implement software products to detect insider threats, for example, the CHAMPION system (Columnar Hierarchical Autoassociative Memory Processing in Ontological Networks), small and medium-sized businesses practically do not deal with this issue. In this regard, we offer the following recommendations regarding the possible forecasting of conflicts in the company’s information security. This process is based on two components: 1. Software for determining the user’s computer activity, the main of which is: ● Role-based access policy. ● Restrictions on data transmission and copying. ● Using MPI (Microsoft Purview Insider or DLP (Digital Light Processing). 2. Psychological methods for personality profiling can be used: • “Big Five” test • Test “Ability to self-govern” • Individual psychological test.

As a result of processing the obtained results, if everything is satisfactory, then there is constant monitoring of the information system on the one hand and training with employees on the other. Otherwise, the security policy should be further reviewed and additional methods of detecting and countering insiders should be added. Fig. 2 presents the algorithm of this process.

Therefore, increasing investments in the company’s information security will reduce the likelihood of information conflicts. However, companies stop at a level of rational investment that is equal to or less than the expected losses from a hack. This leads to a gap in investments (Fig. 3) in the cyber defense of companies [ 24 ]. Special measures of the government would allow the filling of this delta. For example, to subsidize equipment, software, and training, and increase the number of cyber specialists who know how to work with systems, programs, and equipment and ensure the functioning of all these components. No 1

Rational Investment Level

Minimum

Risk Level Possible Approaches to information conflict resolution g n i r o t i n o m S I s u o u n i t n o C

The relevance of the issue of information conflict at the level of international relations is confirmed by a large number of studies in the field of politics, law, military affairs, and cyber security [ 26–35 ].

Analysis of the literature made it possible to identify the following features and characteristics of information conflict in security systems: ● the geography of the conflict (in traditional battles, the defender has an advantage due to his knowledge of the terrain and the direction of the attack, in the cyber world these advantages disappear, since states often do not know where the attack will come from or even if an attack is happening [ 30 ]). ● the globality of the conflict (in any conflict, cyberattacks quickly become global as secretly acquired or hacked computers and servers around the world are brought into action [ 30 ]). ● responsibility for the conflict (in the digital sphere, identifying perpetrators is more difficult: most states deny any involvement in actions that can be considered military in cyberspace; it is easy to hide behind proxies, raise false flags and act on behalf of another person [ 27, 31 ]). ● an imbalance between offense and defense (a single weak point may be enough for an attacker to enter systems and networks to achieve their goals, while defenders need to guard many systems, often without adequate resources [ 27, 28, 31 ]).

An information conflict in security systems “subject-subject” at the international level “states, a group of subjects/hackers—institutions and/or political leaders of another state” is called the process of confrontation between subjects of international relations in cyberspace, where offensive means and techniques of subjects of one state are aimed at information systems of critical infrastructure objects of another state, as a result of which it is possible to disrupt the functioning of these objects.

The increase in the number of information conflicts at the international level is especially intensified during the period of armed conflicts between states. Thus, cyberattacks on the Ukrainian government and the military sector increased by 196% in the first three days of the Russian Federation’s war against Ukraine [18.

Summarizing the above, we have the following results: 1. The study of information conflicts from the point of view of information and cyber security is relevant and important since the relationships between participants in the virtual space are completely different. 2. When analyzing information conflicts in cyberspace, the following key issues should be considered: ● the problem of attribution (anonymity of the created cyber attack, it is difficult to distinguish different types of actors, including states, non-state groups, and individual hackers; the reward is a high level of information protection). ● the advantage of offense over defense (cyberspace encourages offensive strategies as opposed to defensive ones; attackers act without warning, looking for vulnerabilities, while cyber defense monitoring must be realtime and constant). ● unlimited territory.

● globality. 3. Effective prevention of cyber conflicts and their resolution requires public-private cooperation (involvement of security experts, IT technologies, members of the government, and scientists). 4. The creation of mathematical models in the process of analyzing information conflicts in cyber security systems will become an adequate tool for knowledge, description, and modeling of real phenomena in this field. 5. The theory of information conflicts in information and cyber security systems has an innovative character, strengthening the creation and development of new technologies for ensuring the integrity, availability, and confidentiality of information.