Cyber risk management technology to strengthen the information security of the national economy
- Details
- Category: Content №5 2024
- Last Updated on 29 October 2024
- Published on 30 November -0001
- Hits: 110
Authors:
S.Onyshchenko, orcid.org/0000-0002-6173-4361, National University “Yuri Kondratyuk Poltava Polytechnic”, Poltava, Ukraine, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Ye.Zhyvylo, orcid.org/0000-0003-4077-7853, National University “Yuri Kondratyuk Poltava Polytechnic”, Poltava, Ukraine, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
A.Hlushko*, orcid.org/0000-0002-4086-1513, National University “Yuri Kondratyuk Poltava Polytechnic”, Poltava, Ukraine, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
S.Bilko, orcid.org/0000-0003-0259-4482, National University “Yuri Kondratyuk Poltava Polytechnic”, Poltava, Ukraine, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
* Corresponding author e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
Naukovyi Visnyk Natsionalnoho Hirnychoho Universytetu. 2024, (5): 136 - 142
https://doi.org/10.33271/nvngu/2024-5/136
Abstract:
Purpose. Developing a technology for managing cyber risks based on their improved classification by the level of impact on the occurrence of an extreme situation.
Methodology. To achieve the goal, general scientific and special methods of cognition were used in the study: dialectical and systemic approaches, analysis and synthesis, logical generalization and grouping, structural-logical method, iterative approach, modeling, method of formal representations of uncertainty.
Findings. A cyber risk management technology has been developed, consisting of four main stages: analysis of cyber threats (context establishment; security audit; formation of scenario concepts); scenario modeling (threat decomposition; scenario formation; setting criteria; setting probability estimates of concepts (variables); building a network architecture; formation of a private threat model; scenario analysis); risk assessment; object classification. The proposed approach to cybersecurity risk management provides vulnerability detection and risk assessment (risk potential) and simplifies the development of management solutions to prevent events affecting cybersecurity.
Originality. The proposed technology differs from the existing ones by focusing on identifying those vulnerabilities and cyber threats that, according to their improved classification by the level of impact on the occurrence of an extreme situation, can lead to serious disruptions in the functioning of critical information infrastructure of the national economy.
Practical value. The practical significance of the study lies in the fact that the proposed cyber risk management technology is one of the tools for preventing the realization of risks in cyberspace and the basis for strengthening the information security of economic entities in particular and the national economy as a whole.
Keywords: cybersecurity, critical information infrastructure, artificial intelligence, economic entity, digitalization
References.
1. Onyshchenko, S., Yanko, A., Hlushko, A., Maslii, O., & Cherviak, A. (2023). Cybersecurity And Improvement Of The Information Security System. Journal of the Balkan Tribological Association, 29(5), 818-835.
2. Shefer, O., Laktionov, O., Pents, V., Hlushko, A., & Kuchuk, N. (2024). Practical principles of integrating artificial intelligence into the technology of regional security predicting. Advanced Information Systems, 8(1), 86-93. https://doi.org/10.20998/2522-9052.2024.1.11.
3. Krasnobayev, V., Yanko, A., & Hlushko, A. (2023). Information Security of the National Economy Based on an Effective Data Control Method. Journal of International Commerce, Economics and Policy, 2350021. https://doi.org/10.1142/S1793993323500217.
4. Onyshchenko, S., Yanko, A., & Hlushko, А. (2023). Improving the efficiency of diagnosing errors in computer devices for processing economic data functioning in the class of residuals. Eastern-European Journal of Enterprise Technologies, 5(4(125)), 63-73. https://doi.org/10.15587/1729-4061.2023.289185.
5. Slayton, R. (2021). Governing Uncertainty or Uncertain Governance? Information Security and the Challenge of Cutting Ties. Science, Technology, & Human Values, 46(1), 81-111. https://doi.org/10.1177/0162243919901159.
6. Wouters, J., & Verhelst, A. (2020). Filling Global Governance Gaps in Cybersecurity: International and European Legal Perspectives. International Organisations Research Journal. https://doi.org/10.17323/1996-7845-2020-02-07.
7. Amankwa, E., Loock, M., & Kritzinger, E. (2018). Establishing information security policy compliance culture in organizations. Information & Computer Security, 26(4), 420-436. https://doi.org/10.1108/ICS-09-2017-0063.
8. Yusif, S., & Hafeez-Baig, A. (2021). A Conceptual Model for Cybersecurity Governance. Journal of Applied Security Research, 16(4), 490-513. https://doi.org/10.1080/19361610.2021.1918995.
9. Hidouri, A., Hajlaoui, N., Touati, H., Hadded, M., & Muhlethaler, P. (2022). A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking. Computers, 11, 186. https://doi.org/10.3390/computers11120186.
10. Onyshchenko, S., Yanko, A., Hlushko, A., Maslii, O., & Skryl, V. (2023). The Mechanism of Information Security of the National Economy in Cyberspace. Proceedings of the 4 th International Conference on Building Innovations. ICBI 2022. Lecture Notes in Civil Engineering, 299, 791-803. Cham: Springer. https://doi.org/10.1007/978-3-031-17385-1_67.
11. Laktionov, A. (2019). Application of index estimates for improving accuracy during selection of machine operators. Eastern-European Journal of Enterprise Technologies, 3(1(99)), 18-26. https://doi.org/10.15587/1729-4061.2019.165884.
12. Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), 1-13. https://doi.org/10.1016/j.ejor.2015.12.023.
13. Cyber insurance: a new risk management tool (n.d.). Retrieved from http://forbes.net.ua/ua/opinions/1426423-kiber-strahuvannya-novij-instrument-rizik-menedzhmentu.
14. Jain, P., Pasman, H. J., Waldram, S., Pistikopoulos, E. N., & Mannan, M. S. (2018). Process Resilience Analysis Framework (PRAF): A systems approach for improved risk and safety management. Journal of Loss Prevention in the Process Industries, 53, 61-73. https://doi.org/10.1016/j.jlp.2017.08.006.
15. Cherdantseva, Yu., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27. https://doi.org/10.1016/j.cose.2015.09.009.
16. Eling, M., & Wirfs, J. (2019). What are the actual costs of cyber risk events? European Journal of Operational Research, 272(3), 1109-1119. https://doi.org/10.1016/j.ejor.2018.07.021.
17. Young, D., Lopez Jr., J., Rice, M., Ramsey, B., & McTasney, R. (2016). A framework for incorporating insurance in critical infrastructure cyber risk strategies. International Journal of Critical Infrastructure Protection, 14, 43-57. https://doi.org/10.1016/j.ijcip.2016.04.001.
18. Alali, M., Almogren, A., Hassan, M. M., Rassan, I. A. L., & Md Bhuiyan, Z. A. (2018). Improving risk assessment model of cyber security using fuzzy logic inference system. Computers & Security, 74, 323-339. https://doi.org/10.1016/j.cose.2017.09.011.
19. Onyshchenko, S., Zhyvylo, Y., Cherviak, A., & Bilko, S. (2023). Determination of the peculiarities peculiarities of using information security systems in financial institutions in order to increase the financial security level. Eastern-European Journal of Enterprise Technologies, 5(13(125)), 65-76. https://doi.org/10.15587/1729-4061.2023.288175.
20. Global Cyber Insurance Market (2019–2025). Retrieved from https://www.researchandmarkets.com/reports/4871728/global-cyber-insurancemarket-2019-2025.
Newer news items:
- Transformation of e-commerce business models in the digital economy - 29/10/2024 18:15
- Prerequisites of hybridization of university financing as a tool for ensuring sustainability and strategic development - 29/10/2024 18:15
- Analysis of mathematical methods for describing financial flows: dynamic modeling of an innovative company - 29/10/2024 18:15
- Analysing forced migration’s impact on Ukraine’s economic sustainability - 29/10/2024 18:15
- Innovation and infrastructure: driving forces for entrepreneurship development and economic opportunities - 29/10/2024 18:14
- Assessment of competitive advantages of IT system integrator companies taking industry factors into account - 29/10/2024 18:14
- Assessment of digital elevation models accuracy for local geoid modeling - 29/10/2024 18:14
- Intelligent Sentinel satellite image processing technology for land cover mapping - 29/10/2024 18:14
Older news items:
- Frequency dependence of reflections on radar landmarks - 29/10/2024 18:14
- Pipe production cost management model based on graph theory - 29/10/2024 18:14
- Establishing a plastic waste map using remote sensing data in the coastal area of Thanh Hoa province (Vietnam) - 29/10/2024 18:14
- Assessment of the efficiency of functioning of the environmental management system of enterprises - 29/10/2024 18:14
- Adequacy of measures to threats as one of the fundamental principles of safety riskology - 29/10/2024 18:14
- Analysis of natural and man-made factors of landslide development in the Carpathian region using GIS - 29/10/2024 18:14
- Justification of the safe parameters of recreational zones during the reclamation of watered residual quarry spaces - 29/10/2024 18:14
- Optimizing solar panel tilt angles across diverse Algerian terrain - 29/10/2024 18:14
- Aspects of Developing an Innovative, Energy-Efficient, LowEmission Co-Generator - 29/10/2024 18:14
- Saving energy resources during operation of rolling stock of underground electrified transport - 29/10/2024 18:14