SYSTEM OF CYBER RESISTANCE ASSESSMENT INDICATORS INFORMATION SYSTEMS OF CRITICAL INFRASTRUCTURE OBJECTS

Authors

  • Volodymyr Shypovskyi Department of Information and Analytical Technologies of the Institute of Information and Telecommunication Technologies and Cyber Defense of the National Defense University of Ukraine named after Ivan Chernyakhovsky https://orcid.org/0000-0003-3743-3064

DOI:

https://doi.org/10.18372/2410-7840.25.17597

Keywords:

cyber resistance, information system, critical objects, methods of assessing the level of cyber protection, critical infrastructure

Abstract

In today's world, where computer technology is an integral part of most aspects of our lives, cyber security is becoming more and more relevant and critical. This is especially true for critical facilities such as power plants, transportation systems, medical facilities, banks, and other systems where insufficient cyber resilience can lead to serious consequences, including loss of life and property damage. The article provides a comparative analysis of the main approaches to assessing the level of cyber protection of information systems, analyzes the main criteria and indicators of these approaches, and develops a general model of the system of indicators for assessing the cyber resistance of information systems of critical objects. Evaluating the cyber resistance of such systems is a complex and responsible task, as it requires the analysis of a large number of factors that affect the security of information systems. Therefore, the selection of indicators and criteria for assessing the cyber resilience of information systems of critical objects is a very important and urgent problem for scientific research in the field of cyber security.

References

Cybersecurity in the Internetof Things in Indus-trial Management. R.J. Raimundo, A.T. Rosário. URL: https://www.mdpi.com/2076-3417/ 12/3/ 1598 (дата звернення: 12.02.2023).

Evaluation of Cybersecurity Management Control sand Metrics of Critical Infrastructures: A Litera-ture Review Consideringthe NIST Cybersecurity Framework. Barbara Krumay, Edward W. N. Bernroider, Roman Walser URL: https: // link. springer. com / chapter/10.1007/978-3-030-0363 8-6_23 (дата звернення: 12.02.2023).

Evaluation of Cybersecurity Management Control sand Metrics of Critical Infrastructures: A Litera-ture Review Considering the NIST Cybersecurity Framework. Barbara Krumay, Edward W. N. Bernroider, Roman Walser URL: https: // link. springer .com / chapter/ 10.1007 / 978-3-030-0363 8-6_23 (дата звернення: 12.02.2023).

A comprehensive framework for the assessment of Governmen tprojects J. Rhoda, C. Joseph b URL: https: // www. sciencedirect. com/science/ arti-cle/abs/pii/S0740624X07000603 (дата звернення: 18.02.2023).

Національний інститут стандартів та технологій (NIST) США. URL: https://www.nist.gov/ cyberframework / cybersecurity-framework (дата звернення: 10.02.2023).

Європейське агентства з кібербезпеки (ENISA). URL: https: // www.enisa.europa.eu/topics/cybersecurity-act/cybersecurity-certification (дата звернення: 15.02.2023).

Міжнародна організація зі стандартизації (ISO). URL:https://www.nist.gov/cyberframework/cybersecurity - framework (дата звернення: 10.02. 2023).

NIST Cybersecurity Framework, NIST. URL: https://www.nist.gov/cyberframework (дата звернення: 11.02.2023).

Introduction to the Cybersecurity Capability Ma-turity Model (C2M2), NIST. URL: https://www. nist. gov/services-resources/software/cybersecurity-evaluation-tool-cset (дата звернення: 11.03. 2023).

Cybersecurity Evaluation Tool, CSET.URL: https: //www.nist.gov/cyberframework/cybersecurity-framework (дата звернення: 10.02.2023).

Cybersecurity of AI and Standardisation. URL: https:// www. enisa. europa.eu / publications /cybersecurity-of-ai-and-standardisation (дата звернення: 22.02.2023).

Embedded Sim Ecosystem, Security Risksand-Measures. URL: https: //www.enisa.europa. eu/ publications/embedded-sim-ecosystem-security-risks-and-measures (дата звернення: 11.03.2023).

Building Effective Governance Frameworksfor the Implementation of National Cybersecurity Strategies. URL: https: // www. enisa. europa.eu /publications/building-effective-governance-fra-meworks-for-the-implementation-of-national-cybersecurity - strategies (дата звернення: 10.02. 2023).

Стандарты управления информационной безопасностью ISO/IEC 27001:2013. URL:https:// learn.microsoft. com / ru-ru /compliance/regulatory/offering-iso-27001 (дата звернення: 20.02. 2023).

Сертифікація систем управління інформаційною безпекою. URL: https://www.bureauveritas.com.ua/needs/iso-27001-sertifikaciya-sistem-upravlinnya-informaciynoyu-bezpekoyu (дата звернення: 21.02.2023).

Розробка системи ISO 27001. URL: https: // atestor.ua / uk / services / vnedrenie-standarta-ISO-27001 / (дата звернення: 20.02.2023).

Downloads

Published

2023-05-25

Issue

Vol. 25 No. 1 (2023): Ukrainian Information Security Research Journal

Section

Articles

License

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).