FUNCTIONS OF THE INFORMATION SECURITY AND CYBERSECURITY SYSTEM OF CRITICAL INFORMATION INFRASTRUCTURE
DOI:
https://doi.org/10.28925/2663-4023.2022.15.1241341Keywords:
function; system; information protection; cybersecurity; critical information infrastructure objectAbstract
The subject of research in the scientific article is the system of Information Protection and cybersecurity of critical information infrastructure objects. An information security and cybersecurity system is a complex set of software, cryptographic, organizational, and other tools, methods, and measures designed to protect information and cybersecurity. Since the system of Information Protection and cybersecurity of critical information infrastructure facilities is relatively new, there is no single view on what functions this system should perform. As a result, the process of its formation and formation as a system continues. There was a need to define functions for further evaluation of the effectiveness of its functioning as a system. Evaluation is supposed to be carried out both in the process of creation, acceptance, and daily operation. Partial performance indicators are required to implement the procedure for evaluating the effectiveness of the information security system and cybersecurity of critical information infrastructure facilities. Using these indicators, it is possible to characterize the degree of achievement of the system's tasks assigned to it. The following performance indicators are proposed according to the functions: ID identification of cybersecurity risks; PR Cyber Defense; DE detection of cyber incidents; RS response to cyber incidents; RC restoration of the state of cybersecurity. The scientific novelty of the obtained result lies in the fact that Universal functions are proposed that the information security and cybersecurity system should implement at critical information infrastructure facilities. The presented study does not exhaust all aspects of this problem. The theoretical results obtained in the course of scientific research form the basis for further justification of indicators and criteria for evaluating the effectiveness of the information security and cybersecurity system.
Downloads
References
Pro osnovni zasady zabezpechennia kiberbezpeky Ukrainy, Zakon Ukrainy № 2163-VIII (2021) (Ukraina). https://zakon.rada.gov.ua/laws/show/2163-19#Text
Pro rishennia Rady natsionalnoi bezpeky i oborony Ukrainy vid 27 sichnia 2016 roku "Pro Stratehiiu kiberbezpeky Ukrainy", Ukaz Prezydenta Ukrainy № 96/2016 (2021) (Ukraina). https://zakon.rada.gov.ua/laws/show/96/2016#Text.
Pro stan vykonannia rishennia Rady natsionalnoi bezpeky i oborony Ukrainy vid 29 hrudnia 2016 roku «Pro zahrozy kiberbezpetsi derzhavy ta nevidkladni zakhody z yikh neitralizatsii», vvedenoho v diiu Ukazom Prezydenta Ukrainy vid 13 liutoho 2017 roku № 32, Rishennia Rady natsionalnoi bezpeky i oborony Ukrainy (2017) (Ukraina). https://zakon.rada.gov.ua/laws/show/n0006525-17#Text.
Kozubtsov, I.M., Kutsaiev, V.V., Tkach, V.O., Kozubtsova, L.M. (2015). Kontseptualnyi pidkhid do pobudovy systemy kibernetychnoi bezpeky statsionarnykh informatsiino-telekomunikatsiinykh vuzliv Ukrainy na pryntsypakh masshtabuvannia ta dopovnennia. Suchasni informatsiini tekhnolohii u sferi bezpeky ta oborony, 3(24), 47-55.
Kozubtsov, I. M., Neshcheret, I. H., Tereshchenko, T. P. (2021). Poshuk pidkhodiv do otsiniuvannia efektyvnosti funktsionuvannia systemy zakhystu informatsii i kiberbezpeky v informatsiino-telekomunikatsiinykh systemakh Zbroinykh Syl Ukrainy. U I Mizhnarodna naukovo-tekhnichna konferentsiia “Systemy i tekhnolohii zviazku, informatyzatsii ta kiberbezpeky: aktualni pytannia i tendentsii rozvytku” (s. 159). VITI.
Kozubtsova, L.M., Rudomino-Dusiatska, I.A., Snovyda, V.Ie. (2021). Obchyslennia pokaznykiv efektyvnosti funktsionuvannia systemy zakhystu informatsii i kiberbezpeky. Kompiuterno-intehrovani tekhnolohii: osvita, nauka, vyrobnytstvo, (45), 19-25.Zabara, S., Kozubtsova, L. Kozubtsov, I. (2020). Improved method of diagnostics of cyber security of the information system taking into account disruptive cyber impacts. «Danish Scientific Journal» (DSJ). Kobenhavn. Denmark, 35(1), 68-74.
Nakaz Administratsii Derzhspetszviazku vid 06 zhovtnia 2021 roku №601 «Pro zatverdzhennia Metodychnykh rekomendatsii shchodo pidvyshchennia rivnia kiberzakhystu krytychnoi informatsiinoi infrastruktury». https://cip.gov.ua/ua/docs/nakaz-administraciyi-derzhspeczv-yazku-vid-06-zhovtnya-2021-roku-601-pro-zatverdzhennya-metodichnikh-rekomendacii-shodo-pidvishennya-rivnya-kiberzakhistu-kritichnoyi-informaciinoyi-infrastrukturi.
Zhyvylo, Ye.O., Chernonoh, O.O., Mashtalir, V.V. (2016). Stratehiia voiennoi bezpeky kiberprostoru Ukrainy. Zbirnyk naukovykh prats Viiskovoho instytutu telekomunikatsii ta informatyzatsii, (1), 41-52.
Department of Energy. (2021). Cybersecurity Capability Maturity Model. https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2.
Center for Internet Security. (2021). CIS Controls V8. https://www.cisecurity.org/controls.
Information Systems Audit and Control Association (ISACA) (2021). Control Objectives for Information and Related Technologies. https://www.isaca.org/resources/cobit.
International Energy Agency. (2021). Enhancing Cyber Resilience in Electricity Systems. https://webstore.iea.org/download/direct/4359.
International Society of Automation (2013) ISA 62443-3-3:2013 – Security for industrial automation and control systems Part 3-3: System security requirements and security levels (ISA, North Carolina, USA). https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu.
International Organization for Standardization/International Electrotechnical Commission (2013) ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements (ISO, Geneva, Switzerland). https://www.iso.org/standard/54534.html.
National Institute of Standards and Technology and North American Electric Reliability Corporation (2020) Mapping of NIST Cybersecurity Framework v1.1 to NERC CIP Reliability Standards. https://doi.org/10.18434/mds2-2348.
North American Electric Reliability Corporation (2021) NERC CIP Enforceable Standards. https://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx.
National Institute of Standards and Technology (2018) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1. (National Institute of Standards and Technology, Gaithersburg, MD). https://doi.org/10.6028/NIST.CSWP.04162018.
National Institute of Standards and Technology (2021) National Online Informative References Program. https://csrc.nist.gov/projects/olir.
Joint Task Force Transformation Initiative (2013) Security and Privacy Controls for Federal Information Systems and Organizations. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-53, Rev. 4, Includes updates as of January 22, 2015. https://doi.org/10.6028/NIST.SP.800-53r4.
Pro zatverdzhennia Zahalnykh vymoh do kiberzakhystu obiektiv krytychnoi infrastruktury, Postanova Kabinetu Ministriv Ukrainy № 518 (2019) (Ukraina). https://zakon.rada.gov.ua/laws/show/518-2019-p#Text