Solution of a number of tasks in the field of computer systems security analysis requires building the most optimal strategy of intruder's actions: analysis of system security, a detailed risk assessment of the operated or designed system, solving the problem of optimal placement of information protection tools, etc. Building an optimal strategy often involves creation of attack trees or attack graphs. After building such objects one can search for the optimal path from the intruder's starting position to the target system malicious event (e.g., disabling the target component). This can be achieved for example by classical optimization problems solutions on graphs. However, when considering real systems, it is necessary to take into account the presence of multiple intruder starting positions that represent, for example, vulnerable system components accessible from external networks. Moreover, usually intruder needs to disable several system components in order to damage the system as a whole. This paper presents a description of the attack impact graph, for which the problem of finding an optimal attack strategy is solved, as well as an method for finding the optimal strategy of an intruder in a computer system modelled by an attack graph. Presented method accepts possibility of multiple initial attack vectors and a set of components (target events) that must be affected by the attack to cause damage to the system.