EFFICIENCY OF SOFTWARE FOR NATIONAL CYBERSECURITY
DOI:
https://doi.org/10.28925/2663-4023.2025.30.922Keywords:
cybersecurity, risks, goal hierarchy, relative efficiency, algorithm, method, information securityAbstract
The article presents a method for assessing the effectiveness of cybersecurity programs (CSP) considering cyberattacks and associated risks, which is a continuation of the authors' previous research. The proposed approach is based on a modification of the target dynamic evaluation method for programs over a specified time interval, enabling the consideration of a complex structure of interrelations between objectives, the impact of cyberattacks, risks, and delays in achieving results. The method involves constructing a network hierarchy of objectives in three stages: first, the main objective is decomposed from top to bottom by identifying sub-objectives that directly influence its achievement, with their types defined (quantitative, qualitative, deterministic, stochastic, qualifying, or threshold); second, a bottom-up analysis is performed to establish feedback loops; third, models of cyberattacks and risks are integrated into the hierarchy. Cyberattacks are modeled as special programs that negatively affect objectives, while risks are accounted for by introducing indicators in the form of additional objectives. The evaluation of CSP effectiveness is based on determining the degree of impact of program implementation (both simple and complex) on the achievement of the main objective. The paper introduces the concept of an instantaneous relative efficiency indicator, which allows analyzing the dynamics of efficiency at different implementation stages. An iterative algorithm for simulating the hierarchy is used to calculate the degree of objective achievement, taking into account nonlinearity, feedback, and time-dependent parameters. A key feature of the method is the ability to promptly recalculate efficiency when program structures change. The method is applied to assess the effectiveness of CSP implementation directions, sets of cyberattacks and risks, as well as countermeasures against them. The developed approach can be used not only in the field of cybersecurity but also for analyzing complex target programs in technical, economic, and other domains.
Downloads
References
Kostiuk, Yu. V., Skladannyi, P. M., Bebeshko, B. T., Khorolska, K. V., Rzaieva, S. L., & Vorokhob, M. V. (2025). Information and communication systems security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Kostiuk, Yu. V., Skladannyi, P. M., Hulak, H. M., Bebeshko, B. T., Khorolska, K. V., & Rzaieva, S. L. (2025). Information security systems. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Hulak, H. M., Zhyltsov, O. B., Kyrychok, R. V., Korshun, N. V., & Skladannyi, P. M. (2023). Enterprise information and cyber security. [Textbook] Kyiv: Borys Grinchenko Kyiv Metropolitan University.
Brailovskyi, M. M., Khoroshko, V. O., Koziura, V. D., & Blavatska, N. H. (2023). Software for protecting the state against cyberattacks. Information Protection, 23(4), 184–191.
Laptiev, O. A., Kuzavkov, V. V., & Khoroshko, V. O. (2023). Systems for detecting covert acoustic information interception devices. Kyiv: Millennium. ISBN 978-966-8063-76-7.
Khoroshko, V. O., Shelest, M. Ye., & Tkach, Yu. M. (2020). Multicriteria evaluation of cybersecurity project effectiveness. Technical Sciences and Technologies, 1(19), 141–124.
Totsenko, V. H. (2000). Harmonization and aggregation of expert assessments considering competence in group evaluation of alternatives for decision support. Problems of Control and Informatics, (4), 128–141. https://doi.org/10.15407/pci2000.04.128
Zghurivskyi, M. Z., & Kovalenko, N. I. (2000). Information approach to project risk analysis and management. Problems of Control and Informatics, (4), 146–156. https://doi.org/10.15407/pci2000.04.146
Novosad, V. P., & Seliverstov, R. H. (2008). Methodology of expert evaluation. Kyiv: NAPA.
Ivanenko, O. H., & Lapa, V. H. (2000). Prediction of random processes (3rd ed., rev.). Kyiv: Naukova Dumka. https://doi.org/10.15407/naukova_dumka.2000.ivanenko
Katrenko, A. V., Pasychnyk, V. V., & Pasko, V. P. (2009). Decision-making theory. Kyiv: BHV Publishing Group. https://doi.org/10.15407/bhv2009.katrenko
Veres, O. M. (2010). Decision support technologies. Lviv: Lviv Polytechnic Publishing.
Laptiev, O. A., & Khoroshko, V. O. (2024). Detection, localization, and processing of signals from covert information interception devices. Kyiv: Millennium.
Laptiev, O. A., & Marchenko, V. V. (2025). Using interference to protect information from leakage via radio channel. Modern Information Protection, (1), 89–97. https://doi.org/10.31673/2409-7292.2025.013057
Khoroshko, V., Khokhlachova, Y., Laptiev, O., & Fowad, A. A. (2025). Mathematical apparatus for finding the optimal configuration of a secure communication network with a specified number of subscribers. Informatyka, Automatyka, Pomiary w Gospodarce i Ochronie Środowiska, 15(1), 62–66. https://doi.org/10.35784/iapgos.6406
Laptiev, O., Laptieva, T., & Brailovskyi, M. (2025). Methods of calculating parameters for detecting signals of covert information acquisition devices. Cybersecurity: Education, Science, Technology, 4(28), 575–585. https://doi.org/10.28925/2663-4023.2025.28.812
Al-Dalvash, A., Petchenko, M. V., & Laptiev, O. A. (2025). Method for detecting digital radio signals using differential transformation. Modern Information Protection, (1), 285–291. https://doi.org/10.31673/2409-7292.2025.014329
Kalchuk, I., Laptieva, T., Lukova-Chuiko, N., & Kharkevych, Yu. (2021). Method for building secure data transmission channels using a modified neural network. Information Technology and Security, 9(2), 232–243.
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Володимир Хорошко, Олександр Лаптєв, Микола Браіловський, Тетяна Лаптєва, Сергій Лаптєв
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
