PERFORMANCE INDICATORS OF FUNCTIONING OF THE INFORMATION PROTECTION AND CYBER SECURITY SYSTEM OF OBJECTS OF CRITICAL INFORMATION INFRASTRUCTURE
Authors: Oleksandr Chernonoh; Lesya Kozubtsova; Igor Kozubtsov; Nyna Zdolbytskaia; Vyktor Kosheliuk; Sergei Sctanenko
Affiliation: Directorate of digital transformation and information security policy in the field of Defense, Ministry of defense of Ukraine, Kiev, Ukraine; Military institute of telecommunications and informatization named after Heroes of Krut, Kiev, Ukraine; Military institute of telecommunications and informatization named after Heroes of Krut, Kiev, Ukraine; Lutsk National Technical University, Lutsk, Ukraine; Lutsk National Technical University, Lutsk, Ukraine; Military institute of telecommunications and informatization named after Heroes of Krut, Kiev, Ukraine
Keywords: indicators, criteria, assessments, efficiency, functioning, information security and cybersecurity system, critical information infrastructure facilities.
ABSTRACT. The article solves a specific scientific and technical problem: the need to select possible indicators of the effectiveness of the information security and cybersecurity system of critical information infrastructure facilities. The scientific novelty of the result is that, for the first time, consistent indicators and criteria for evaluating the effectiveness of the information security and cybersecurity system of critical information infrastructure facilities are proposed. The practical significance of the work is that the obtained indicators and criteria provide the basis for developing, in further work, a specific methodology for evaluating the effectiveness of the information security and cybersecurity system of critical information infrastructure facilities.