Methodological Approaches to Assessing Enterprise Information Security Using a Process-Oriented Approach

Kostiuk, Yuliia and Sokolov, Volodymyr and Skladannyi, Pavlo and Khorolska, Karyna (2026) Methodological Approaches to Assessing Enterprise Information Security Using a Process-Oriented Approach. International Journal of Information Engineering and Electronic Business, 18 (3). pp. 37-51. ISSN 2074-9023

Official URL: https://www.mecs-press.org/ijieeb/ijieeb-v18-n3/v1...

Abstract

The article proposes a process-oriented methodology for assessing enterprise information security, which serves as an integral indicator of business process security Q based on a multi-level system of mathematical models. The proposed approach combines risk-oriented analysis, stochastic modelling, fuzzy set methods, and optimisation of the distribution of protection resources, ensuring the linkage of security indicators to the enterprise's functional business processes. The simulation model allows the reproduction of the dynamics of cyberattack flows and the assessment of the impact of variable threat intensity on the stability of business processes in near real time. Experimental validation of the methodology on depersonalised incident logs and simulated attack scenarios showed that the integration of the optimisation module provides an increase in the integral security indicator Q by 12-27% depending on the intensity of threats, and also contributes to the rational redistribution of cybersecurity resources in favour of the most critical business processes. A comparative analysis with the Classical Risk Matrix, NIST SP 800-30, and ISO/IEC 27005 confirmed the proposed model's higher accuracy and adaptability in a dynamic cyber environment. Machine learning methods are used as an auxiliary adaptive mechanism to refine model parameters, rather than as the primary risk assessment tool. The results obtained demonstrate the practical applicability of the process-oriented simulation and optimisation model for improving the resilience of enterprise business processes and reducing residual cyber risk.

Item Type: Article
Keywords: Information Security; Business Processes; Process-Oriented Approach; Simulation Modelling; Risk Assessment; Integral Security Indicator; Resource Optimisation
Typology: Articles in databases > Scopus > In Q4 Scopus publications
Divisions: Faculty of Information Technology and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Pavlo Mykolaiovych Skladannyi
Date Deposited: 10 Jun 2026 08:50
Last Modified: 10 Jun 2026 08:50
URI: https://elibrary.kubg.edu.ua/id/eprint/57880
