METHODS AND MEANS OF BUILDING A COMPREHENSIVE INFORMATION SECURITY SYSTEM FOR A TYPICAL INFORMATION ACTIVITY OBJECT
DOI:
https://doi.org/10.28925/2663-4023.2025.31.1073
Keywords:
information security; cyber threats; object of information activity; comprehensive information protection system; threat model; intruder model; cryptographic protection; technical means of protection.
Abstract
This work addresses the problem of developing a comprehensive information protection system (CIPS) for a typical information activity object in the context of growing cyber threats and rising requirements for information security. It analyzes current trends in cyber incidents in Ukraine and the world, examines the regulatory framework governing the creation of CIPS, and considers the international standards ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005 together with NIST recommendations. The methodology for building a CIPS is described, in particular the classification of information activity objects, the stages of threat analysis, modeling of the intruder, and the formation of a security policy. The results of developing a CIPS model for a typical enterprise are presented: analysis of information flows, threat and intruder models, assessment of the level of security, formation of a security profile, and selection of technical, cryptographic and organizational measures. The effectiveness of the implementation was assessed and the expected benefits were identified, including reduced risk of leakage, increased business process resilience, and compliance with international standards. The conclusions include recommendations for improving cyber resilience and prospects for further research.
License
Copyright (c) 2025 Admin Skladannyi

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.