Analysis of modern approaches to cybersecurity requirements management during software implementation

Authors

DOI:

https://doi.org/10.18372/2073-4751.82.20363

Keywords:

cybersecurity, cybersecurity requirements, requirements management, information systems, data protection, cyber threats, functional requirements, non-functional requirements, ISO/IEC 27001, NIST, security policy, governance policy, requirements documentation

Abstract

This article examines modern approaches to managing cybersecurity requirements during software implementation. It analyzes the regulatory and legal framework, as well as scientific sources governing the requirements for the protection of information systems. Particular attention is paid to the classification of cybersecurity requirements (functional and non-functional), methods of their formulation, documentation, and integration into the software development process. It is determined that cybersecurity requirements management involves not only technical but also organizational and legal aspects, requiring a systematic approach. The role of policies, procedures, technical solutions, and regulations in forming a secure digital environment is considered. The importance of continuous monitoring, updating of requirements, and consideration of the dynamics of cyber threats is substantiated. Furthermore, best practices for managing cybersecurity requirements are presented, along with recommendations for improving the security level of information systems. The obtained results can be used to improve cybersecurity risk management practices, implement security standards, and develop secure software in both the public and private sectors.


Published

2025-08-23

Issue

Section

Articles