Decision-Making Method for Cybersecurity Incident Management in Critical Infrastructure of the State

Authors

  • Вікторія Миколаївна СИДОРЕНКО, State University "Kyiv Aviation Institute", https://orcid.org/0000-0002-5910-0837
  • Андрій Володимирович МАКСИМЕЦЬ, Administration of the State Service of Special Communications and Information Protection of Ukraine, https://orcid.org/0000-0003-3551-0628

DOI:

https://doi.org/10.18372/2225-5036.31.20701

Keywords:

critical infrastructure, cybersecurity, cyber incident, incident management, decision-making, scenario analysis, decision support systems, expected effect, feedback mechanism

Abstract

In modern conditions of increasing intensity and complexity of cyber threats, the issue of effective cybersecurity incident management in critical infrastructure of the state becomes a top priority for ensuring national security and the continuity of critical services. The uncertainty of cyber incident development, the multiplicity of possible response options, and limited resources necessitate the application of formalized and scientifically grounded approaches to decision support. This paper presents a decision-making method for cybersecurity incident management in critical infrastructure of the state, which is based on a systems approach and formalization of the response process. The proposed method provides a step-by-step analysis of a cyber incident, formation of a set of response alternatives, modeling of probabilistic development scenarios, quantitative assessment of consequences using a results matrix, and selection of an optimal managerial decision based on the criterion of maximizing the expected effect. A distinctive feature of the proposed method is the integration of a feedback mechanism that enables evaluation of the effectiveness of implemented response measures and adaptation of the decision-making process to changing operating conditions of critical infrastructure facilities and the emergence of new types of cyber threats. The practical significance of the results lies in the applicability of the method in security operation centers and decision support systems to improve the justification of managerial actions and minimize the negative consequences of cyber incidents. Further research will focus on experimental verification of the method in various critical infrastructure sectors and its extension using multi-criteria analysis and dynamic resource constraints.
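A minimal implementation of the expected-effect selection step and the feedback update described in the abstract, added here as an example and not taken from the paper. The abstract gives no formulas, so the results matrix, the scenario probabilities, the expected-effect criterion (probability-weighted sum over scenarios) and the smoothed-frequency feedback update are all assumptions of this example, with constructed numbers.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class IncidentDecision:
    """Alternatives x scenarios results matrix for one cyber incident.

    results[i][j] is the assumed net effect (avoided loss minus response cost,
    higher is better) of response alternative i if scenario j unfolds.
    """
    alternatives: list[str]
    scenarios: list[str]
    probs: list[float]               # P(scenario j), must sum to 1
    results: list[list[float]]
    observed: list[int] = field(default_factory=list)  # scenario indices seen so far

    def __post_init__(self) -> None:
        self.initial_probs = list(self.probs)  # kept as the prior for the feedback step

    def expected_effects(self) -> dict[str, float]:
        # Assumed criterion: E[effect | alternative i] = sum_j P(s_j) * results[i][j]
        return {a: sum(p * r for p, r in zip(self.probs, row))
                for a, row in zip(self.alternatives, self.results)}

    def best_alternative(self) -> tuple[str, float]:
        # Select the alternative that maximizes the expected effect.
        effects = self.expected_effects()
        best = max(effects, key=effects.get)
        return best, effects[best]

    def feedback(self, scenario_index: int, prior_weight: float = 4.0) -> list[float]:
        # Feedback mechanism (assumed form): after the incident resolves, record which
        # scenario actually unfolded and re-estimate P(scenario) as a frequency smoothed
        # toward the initial estimate, so the next decision adapts to what was observed.
        self.observed.append(scenario_index)
        counts = [self.observed.count(j) for j in range(len(self.scenarios))]
        total = prior_weight + len(self.observed)
        self.probs = [(prior_weight * p0 + c) / total
                      for p0, c in zip(self.initial_probs, counts)]
        return self.probs


def build_example() -> IncidentDecision:
    # Constructed sample data: three response alternatives, three development scenarios.
    return IncidentDecision(
        alternatives=["isolate_segment", "monitor_and_patch", "failover_to_backup"],
        scenarios=["contained_quickly", "lateral_spread", "data_exfiltration"],
        probs=[0.5, 0.3, 0.2],
        results=[[6.0, 8.0, 7.0], [9.0, 2.0, 1.0], [4.0, 7.0, 9.0]],
    )
```

With the constructed numbers the initial choice is `isolate_segment`; after three incidents that each ended in `data_exfiltration`, the re-estimated probabilities make `failover_to_backup` the preferred alternative.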

Published

2025-08-22

Section

Cybersecurity & Critical Information Infrastructure Protection (CIIP)