Cyber risk management technology to strengthen the information security of the national economy

User Rating:  / 0
PoorBest 

Authors:


S.Onyshchenko, orcid.org/0000-0002-6173-4361, National University “Yuri Kondratyuk Poltava Polytechnic”, Poltava, Ukraine, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Ye.Zhyvylo, orcid.org/0000-0003-4077-7853, National University “Yuri Kondratyuk Poltava Polytechnic”, Poltava, Ukraine, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

A.Hlushko*, orcid.org/0000-0002-4086-1513, National University “Yuri Kondratyuk Poltava Polytechnic”, Poltava, Ukraine, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

S.Bilko, orcid.org/0000-0003-0259-4482, National University “Yuri Kondratyuk Poltava Polytechnic”, Poltava, Ukraine, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

* Corresponding author e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.


повний текст / full article



Naukovyi Visnyk Natsionalnoho Hirnychoho Universytetu. 2024, (5): 136 - 142

https://doi.org/10.33271/nvngu/2024-5/136



Abstract:



Purpose.
Developing a technology for managing cyber risks based on their improved classification by the level of impact on the occurrence of an extreme situation.


Methodology.
To achieve the goal, general scientific and special methods of cognition were used in the study: dialectical and systemic approaches, analysis and synthesis, logical generalization and grouping, structural-logical method, iterative approach, modeling, method of formal representations of uncertainty.


Findings.
A cyber risk management technology has been developed, consisting of four main stages: analysis of cyber threats (context establishment; security audit; formation of scenario concepts); scenario modeling (threat decomposition; scenario formation; setting criteria; setting probability estimates of concepts (variables); building a network architecture; formation of a private threat model; scenario analysis); risk assessment; object classification. The proposed approach to cybersecurity risk management provides vulnerability detection and risk assessment (risk potential) and simplifies the development of management solutions to prevent events affecting cybersecurity.


Originality.
The proposed technology differs from the existing ones by focusing on identifying those vulnerabilities and cyber threats that, according to their improved classification by the level of impact on the occurrence of an extreme situation, can lead to serious disruptions in the functioning of critical information infrastructure of the national economy.


Practical value.
The practical significance of the study lies in the fact that the proposed cyber risk management technology is one of the tools for preventing the realization of risks in cyberspace and the basis for strengthening the information security of economic entities in particular and the national economy as a whole.



Keywords:
cybersecurity, critical information infrastructure, artificial intelligence, economic entity, digitalization

References.


1. Onyshchenko, S., Yanko, A., Hlushko, A., Maslii, O., & Cherviak, A. (2023). Cybersecurity And Improvement Of The Information Security System. Journal of the Balkan Tribological Association, 29(5), 818-835.

2. Shefer, O., Laktionov, O., Pents, V., Hlushko, A., & Kuchuk, N. (2024). Practical principles of integrating artificial intelligence into the technology of regional security predicting. Advanced Information Systems, 8(1), 86-93. https://doi.org/10.20998/2522-9052.2024.1.11.

3. Krasnobayev, V., Yanko, A., & Hlushko, A. (2023). Information Security of the National Economy Based on an Effective Data Control Method. Journal of International Commerce, Economics and Policy, 2350021. https://doi.org/10.1142/S1793993323500217.

4. Onyshchenko, S., Yanko, A., & Hlushko, А. (2023). Improving the efficiency of diagnosing errors in computer devices for processing economic data functioning in the class of residuals. Eastern-European Journal of Enterprise Technologies, 5(4(125)), 63-73. https://doi.org/10.15587/1729-4061.2023.289185.

5. Slayton, R. (2021). Governing Uncertainty or Uncertain Governance? Information Security and the Challenge of Cutting Ties. Science, Technology, & Human Values, 46(1), 81-111. https://doi.org/10.1177/0162243919901159.

6. Wouters, J., & Verhelst, A. (2020). Filling Global Governance Gaps in Cybersecurity: International and European Legal Perspectives. International Organisations Research Journal. https://doi.org/10.17323/1996-7845-2020-02-07.

7. Amankwa, E., Loock, M., & Kritzinger, E. (2018). Establishing information security policy compliance culture in organizations. Information & Computer Security, 26(4), 420-436. https://doi.org/10.1108/ICS-09-2017-0063.

8. Yusif, S., & Hafeez-Baig, A. (2021). A Conceptual Model for Cybersecurity Governance. Journal of Applied Security Research, 16(4), 490-513. https://doi.org/10.1080/19361610.2021.1918995.

9. Hidouri, A., Hajlaoui, N., Touati, H., Hadded, M., & Muhletha­ler, P. (2022). A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking. Computers, 11, 186. https://doi.org/10.3390/computers11120186.

10. Onyshchenko, S., Yanko, A., Hlushko, A., Maslii, O., & Skryl, V. (2023). The Mechanism of Information Security of the National Economy in Cyberspace. Proceedings of the 4 th International Conference on Building Innovations. ICBI 2022. Lecture Notes in Civil Engineering, 299, 791-803. Cham: Springer. https://doi.org/10.1007/978-3-031-17385-1_67.

11. Laktionov, A. (2019). Application of index estimates for improving accuracy during selection of machine operators. Eastern-European Journal of Enterprise Technologies3(1(99)), 18-26. https://doi.org/10.15587/1729-4061.2019.165884.

12. Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), 1-13. https://doi.org/10.1016/j.ejor.2015.12.023.

13. Cyber insurance: a new risk management tool (n.d.). Retrieved from http://forbes.net.ua/ua/opinions/1426423-kiber-strahuvannya-novij-instrument-rizik-menedzhmentu.

14. Jain, P., Pasman, H. J., Waldram, S., Pistikopoulos, E. N., & Mannan, M. S. (2018). Process Resilience Analysis Framework (PRAF): A systems approach for improved risk and safety management. Journal of Loss Prevention in the Process Industries53, 61-73. https://doi.org/10.1016/j.jlp.2017.08.006.

15. Cherdantseva, Yu., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & Security, 56, 1-27. https://doi.org/10.1016/j.cose.2015.09.009.

16. Eling, M., & Wirfs, J. (2019). What are the actual costs of cyber risk events? European Journal of Operational Research272(3), 1109-1119. https://doi.org/10.1016/j.ejor.2018.07.021.

17. Young, D., Lopez Jr., J., Rice, M., Ramsey, B., & McTasney, R. (2016). A framework for incorporating insurance in critical infrastructure cyber risk strategies. International Journal of Critical Infrastructure Protection, 14, 43-57. https://doi.org/10.1016/j.ijcip.2016.04.001.

18. Alali, M., Almogren, A., Hassan, M. M., Rassan, I. A. L., & Md Bhuiyan, Z. A. (2018). Improving risk assessment model of cyber security using fuzzy logic inference system. Computers & Security, 74, 323-339. https://doi.org/10.1016/j.cose.2017.09.011.

19. Onyshchenko, S., Zhyvylo, Y., Cherviak, A., & Bilko, S. (2023). Determination of the peculiarities peculiarities of using information security systems in financial institutions in order to increase the financial security level. Eastern-European Journal of Enterprise Technologies, 5(13(125)), 65-76. https://doi.org/10.15587/1729-4061.2023.288175.

20. Global Cyber Insurance Market (2019–2025). Retrieved from https://www.researchandmarkets.com/reports/4871728/global-cyber-insurancemarket-2019-2025.

 

Visitors

7309692
Today
This Month
All days
1255
79975
7309692

Guest Book

If you have questions, comments or suggestions, you can write them in our "Guest Book"

Registration data

ISSN (print) 2071-2227,
ISSN (online) 2223-2362.
Journal was registered by Ministry of Justice of Ukraine.
Registration number КВ No.17742-6592PR dated April 27, 2011.

Contacts

D.Yavornytskyi ave.,19, pavilion 3, room 24-а, Dnipro, 49005
Tel.: +38 (056) 746 32 79.
e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.
You are here: Home Authors and readers EngCat Archive 2024 Content №5 2024 Cyber risk management technology to strengthen the information security of the national economy