CONTROL OF CYBER SECURITY PARAMETERS AS A MECHANISM FOR EVALUATING THE EFFECTIVENESS OF PROTECTION AND FORECASTING THE SITUATION

Abstract

The current legal framework in Ukraine defines a set of cybersecurity measures and the need to plan their further development, which allows us to formulate and describe a general approach to cybersecurity in the form of a systematic process. At the same time, there is a need to form specific cybersecurity parameters that allow quantifying cybersecurity not only as a management process, but also as a real protection system with its own peculiarities and disadvantages. Based on the author's experience, an approach to the formation of cybersecurity parameters as a mechanism for assessing the effectiveness of protection by quantifying each of the parameters under consideration and their further use as a tool for forecasting the cybersecurity situation is proposed. The parameters proposed by the author are related to the external information and communication perimeter of the organization, user authentication systems, ensuring their remote work, the usage of e-mail, as well as endpoint protection and web technology protection implemented in the organization. The cybersecurity parameters proposed by the author are technically oriented and contain a description that allows determining their number and conditionally normal behavior. Based on statistical data and taking into account conditionally normal behavior according to the parameters defined by the author, it is proposed to assess cyber risks. The author proposes optimal periods of observation in relation to certain parameters of cyber defense and notes the dependence of their informativeness and objectivity of observation on the accumulation of data by the time parameter. The author also proposes to consider indicative values that allow assessing the effectiveness, which allows to perform certain forecasting of cyber defense situations in general.