INFORMATION THREATS AND METHODS OF ENSURING SECURITY IN MODERN ONLINE GAMES
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1009Keywords:
cybersecurity, ethical hacking, technical information protection, offensive testing, enterprise cyber resilience, information security, threat modeling, system vulnerability, security audit, integrated protection system, preventive measures, cyber threat monitoring, risk management, penetration testing, conceptual model of cyber protection.Abstract
The article provides a comprehensive analysis of modern approaches to organizing cybersecurity at enterprises, which allowed not only to systematize existing concepts of information security management, but also to identify key trends, contradictions and problematic aspects in the field of technical information protection. Particular attention is paid to the relationship between organizational and technological components of cyber protection, since it is their inconsistency that often causes critical vulnerabilities in corporate systems. It has been established that traditional means of protection, focused mainly on preventive measures - in particular, antivirus solutions, firewalls, access control systems - are no longer able to provide a full level of cyber resilience in the conditions of dynamic development of cyber threats, the growth of the role of social engineering and the spread of targeted attacks. This indicates the need to transition from reactive models of cyber protection to proactive strategies, in which the identification of potential risks precedes their implementation. The importance of ethical hacking as a tool for actively identifying vulnerabilities in information systems before they can be exploited by attackers is substantiated. Ethical hacking allows an enterprise to assess the real level of security of its information assets in conditions as close to real-world as possible, which makes it one of the most effective means of independent security auditing. Based on the analysis, it is proven that the integration of offensive security testing methods with technical protection tools creates a synergistic effect, which allows for a deeper understanding of the system's weaknesses, increases the speed of response to potential threats, and makes the risk management process more flexible and adaptive. The interaction of offensive practices with monitoring tools (IDS/IPS, SIEM), cryptographic systems, and backup tools contributes to the formation of a closed information protection cycle. The developed conceptual model for integrating ethical hacking into the technical information protection system demonstrates the possibility of combining preventive, detection, and reactive mechanisms in a single cycle of continuous improvement of cyber protection. This approach is based on the principles of dynamic adaptation, where the results of penetration tests directly affect the configuration and development of technical protection tools. As a result, a system is formed that is capable of self-learning and constant updating in accordance with new attack vectors. This ensures not only an increase in the level of cyber resilience, but also optimization of the use of enterprise resources, since preventive threat detection is much cheaper than eliminating the consequences of incidents. The expected benefits of implementing an integrated approach are a significant increase in the level of trust in the enterprise's information infrastructure, increased reputational stability in the market, reduction of risks of unauthorized access and data loss. In addition, this approach contributes to the improvement of internal security audit processes, the formation of a unified corporate information risk management policy and the development of a culture of responsible attitude to cyber security issues at all levels of the organizational structure. It is also important that the integration of ethical hacking stimulates staff training, promotes the development of internal security expertise and creates the prerequisites for long-term improvement of the enterprise's competitiveness in the digital environment.
Downloads
References
Skandylas, C., & Asplund, M. (2025). Automated penetration testing: Formalization and realization. https://www.sciencedirect.com/science/article/pii/S0167404825001439
Kitsios, F., Chatzidimitriou, E., & Kamariotou, M. (2023). The ISO/IEC 27001 information security management standard: How to extract value from data in the IT sector. Sustainability, 15(7), 5828. https://www.mdpi.com/2071-1050/15/7/5828
Adam, H. M., Widyawan, W., & Putra, G. D. (2023). A review of penetration testing frameworks, tools, and application areas. In 2023 IEEE 7th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE) (pp. 319–324). IEEE.
ISO/IEC. (2022). ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection – Information security management systems – Requirements. https://www.iso.org/standard/27001
Parambil, M. M. A., Rustamov, J., Ahmed, S. G., Rustamov, Z., Awad, A. I., Zaki, N., & Alnajjar, F. (2024). Integrating AI-based and conventional cybersecurity measures into online higher education settings: Challenges, opportunities, and prospects. https://www.sciencedirect.com/science/article/pii/S2666920X24001309
Yulianto, S., Soewito, B., Gaol, F. L., & Kurniawan, A. (2024). Enhancing cybersecurity resilience through advanced red-teaming exercises and MITRE ATT&CK integration: A paradigm shift in cybersecurity assessment. https://www.sciencedirect.com/science/article/pii/S2772918424000432
Zhang, W., Xing, J., & Li, X. (2025). Penetration testing for system security: Methods and practical approaches. arXiv preprint. https://arxiv.org/html/2505.19174v1
Kukharska, N. P., Semeniuk, S. A., & Polotai, O. I. (2025). Key aspects of the updated ISO/IEC 27002:2022 standard. Modern Information Protection, (2), 76–87.
Lukianenko, T. Yu., Ponochovnyi, P. M., & Lehominova, S. V. (2022). A methodology for detecting network intrusions and signs of computer attacks based on an empirical approach. Modern Information Protection, 2(50), 15–21.
Polotai, O. I. (2025, June 11–12). Zero trust architecture: A new security standard for corporate enterprise networks. In Information Society: Technological, Economic and Technical Aspects of Development (Vol. 100, pp. 17–20). Ternopil.
Polotai, O. I., & Dovhanyk, S. (2020, March 16–22). SIEM systems as an element of event analysis and management in CSOC. In All-Ukrainian Scientific and Practical Online Conference “Automation and Computer-Integrated Technologies in Production and Education: State, Achievements, Prospects of Development” (pp. 60–61). Cherkasy: Bohdan Khmelnytsky National University of Cherkasy.
Polotai, O. I., & Puzyr, A. O. (2024). Analysis and implementation of tools for preventing confidential information leakage in enterprises: A case study of DLP systems. Bulletin of Lviv State University of Life Safety, (30), 134–144.
Tkachenko, A. M., Ivanusa, A. I., & Brych, T. B. (2025). Development of an automated vulnerability scanning program for web applications. In Information and Analytical Support for the Activities of Security and Defense Sector Bodies of Ukraine: Scientific and Practical Conference (pp. 37–40). Lviv: Lviv State University of Internal Affairs.
Tkachuk, R. L., Ivanusa, A. I., Yashchuk, V. I., Maslova, N. O., & Tkachenko, A. M. (2025). Methods and models of information security and cybersecurity management in higher education institutions. Bulletin of Lviv State University of Life Safety: Collection of Scientific Papers, (31), 101–116.
Toliupa, S., Pliushch, O. H., & Parkhomenko, I. I. (2020). Construction of attack detection systems in information networks based on neural network structures. Cybersecurity: Education, Science, Technique, 2(10), 169–181.
Chychkarov, Ye., Zinchenko, O., Bondarchuk, A., & Asieieva, L. (2023). Feature selection method for intrusion detection systems using an ensemble approach and fuzzy logic. Cybersecurity: Education, Science, Technique, 1(21), 234–251.
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Орест Полотай, Тарас Брич, Артур Ткаченко , Валентина Ящук, Богдана Федина
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
