12 TH INTERNATIONAL CONFERENCE ON APPLICATION OF INFORMATION AND COMMUNICATION TECHNOLOGY AND STATISTICS IN ECONOMY AND EDUCATION (ICAICT SEE 2022), DECEMBER 2-3 RD , 2022, UNWE, SOFIA, BULGARIA 15 Threats Model for the Security of Personal Data During Their Processing Serghei Ohrimenco 1 , Svetlana Apachita 1 , Eduard Ryzhkov 2 , Lyudmila Rybalchenko 2 1 Academy of Economic Studies of Moldova, Chisinau, Republic of Moldova 2 State University of Internal Affairs, Dnipro, Ukraine osa@ase.md, tibuleac.svetlana@gmail.com revord924@ukr.net, luda_r@ukr.net Abstract. The article describes the main steps to form a model of threats to the security of personal data during their processing in information systems. Particular attention is paid to the deliberate actions of the violator, which lead to damage to the interests of the individual, society and the state. The results of the analysis of existing methods and standards are presented, including: ISO 27005-2022, The STRIDE Threat Model, NIST Special Publication 800-37. The hierarchical intruder model is described as one of the sources of threats along with malware carriers and bookmarks, the definition and description of attack channels. Keywords: Information security, Threats model, ISO Standards, Computer attack, Personal data security. 1. Introduction In European countries, the relevant personal data protection (PD) legislation is used, which defines: principles and criteria for automated data processing; rights and obligations of entities and holders of personal data; issues of cross-border transfer of personal data; liability and sanctions for damage [1, 2, 3]. A separate, completely unresolved problem is the development of a list of data security threats during their processing in PD information systems. Security threats can be caused by intentional or unintentional actions of persons, services, organizations that lead to the damage ot of questions arise regarding the formation of initial threats to PD. 2. Formation of a list of current threats Threat modeling is an independent scientific and practical direction in information security. Among the many literature sources, it should be for threat modeling for the Windows operating system. This is one of the earliest and most famous works, which presents approaches to the description of threats and their modeling. Strategies for Threat Modeling covers a great many ways to approach threat modeling. A list of the main threats has been proposed and their analysis has been carried out, with the following steps identified: Mitigating threats; Eliminating threats: Transferring threats: Accepting the risk. When analysing the available literature sources [3, 9, 11, 15, etc.], a list of actual threats to the security of PD was determined. They should include the following: threats from the