METHODOLOGY FOR ASSESSMENT THE SUM OF CYBERSECURITY RISKS OF THE INFORMATION SYSTEM OF OBJECTS OF CRITICAL INFRASTRUCTURE
Keywords: cybersecurity, risk, critical infrastructure, information system, methodology
To determine the economic feasibility of applying and selecting particular measures, both organizational and technical, to handle the risk of a project as a whole, the estimated cost of such measures must be compared with the maximum amount of losses resulting from several risks. The paper proposes a methodology for assessing the sum of cybersecurity risks of the information system of critical infrastructure facilities. The methodology is based on methods for calculating the sum of risks and for calculating complex risk. Based on this methodology, structural solutions are presented for computing systems that assess the cybersecurity risk of information systems and implement the methods for calculating the sum of risks and complex risk, and software systems are built. The results can be used to determine the risk of a complex project (which may be a complex information system), characterized by the consequences of the project and the likelihood of these consequences.