Methodology for Assessing Comprehensive Damages from an Information Security Incident

Соколов, Володимир Юрійович and Складанний, Павло Миколайович (2023) Methodology for Assessing Comprehensive Damages from an Information Security Incident Електронне фахове наукове видання «Кібербезпека: освіта, наука, техніка», 1 (21). pp. 99-120. ISSN 2663-4023

[thumbnail of Sokolov_Skladannyi_cest_21_1_2023.pdf] Text

Download (636kB)


Security incidents can have significant economic consequences for public authorities. To mitigate the economic impact of cybersecurity incidents, public authorities must invest in robust countermeasures, and collaboration with other government agencies, private sector partners, and international organizations can help increase resilience and response capacity to cyber attacks. The article uses the analysis of various vulnerabilities and the mechanism of transformation into a security incident, as well as analyzed approaches to monitoring existing threats and methods of countering them. International and national organizations and associations can act as data sources. Results from various reports are aggregated depending on the field of work of a certain organization and its form of ownership. Consideration of the mechanics of the transition of vulnerabilities into security incidents allows the creation of formalized models for audit systems and analysis of detected incidents or real-time monitoring. One of the main criteria is the assessment of cyber security risks. The publication proposes a method that takes into account the interrelationship of system components and allows taking into account the sequence of engagement of these components. Sources of operational and reporting information on security incidents are considered as international and national experiences. As a result, measures are proposed to reduce the risk of using existing vulnerabilities for state information networks and systems. Since the only method of qualitative transition to reduce losses from cyber incidents is to improve the quality of cyber security specialists, the article proposes a new retraining program for specialists from related fields: information technology, telecommunications, electronics, radio engineering, programming, etc. As a result of this study, it can be seen that the formation of security policy for state institutions should also take into account the economic impact and probable losses from cyber attacks. Further research is aimed at validating the proposed recommendations for the formation of security policy for state and commercial institutions and organizations.

Item Type: Article
Uncontrolled Keywords: cyber security; information protection; vulnerability; risk; security incident
Subjects: Це архівна тематика Київського університету імені Бориса Грінченка > Статті у журналах > Фахові (входять до переліку фахових, затверджений МОН)
Divisions: Це архівні підрозділи Київського університету імені Бориса Грінченка > Факультет інформаційних технологій та математики > Кафедра інформаційної та кібернетичної безпеки імені професора Володимира Бурячка
Depositing User: Павло Миколайович Складанний
Date Deposited: 02 Oct 2023 10:18
Last Modified: 02 Oct 2023 10:18

Actions (login required)

View Item View Item