CONTROL OF CYBER SECURITY PARAMETERS AS A MECHANISM FOR EVALUATING THE EFFECTIVENESS OF PROTECTION AND FORECASTING THE SITUATION
DOI:
https://doi.org/10.28925/2663-4023.2024.25.5158
Keywords:
cyber security, assessment of protection effectiveness.
Abstract
The current legal framework in Ukraine defines a set of cybersecurity measures and the need to plan their further development, which makes it possible to formulate and describe a general approach to cybersecurity as a systematic process. At the same time, there is a need for specific cybersecurity parameters that quantify cybersecurity not only as a management process but also as a real protection system with its own peculiarities and disadvantages. Based on the author's experience, the paper proposes an approach to forming cybersecurity parameters as a mechanism for assessing the effectiveness of protection: each parameter under consideration is quantified and then used as a tool for forecasting the cybersecurity situation. The proposed parameters relate to the organization's external information and communication perimeter, user authentication systems, support for remote work, the use of e-mail, and the endpoint protection and web technology protection implemented in the organization. The parameters are technically oriented and come with a description that allows their number and conditionally normal behavior to be determined. The author proposes assessing cyber risks on the basis of statistical data, taking into account the conditionally normal behavior of these parameters. The author proposes optimal observation periods for certain cyber defense parameters and notes that their informativeness and the objectivity of observation depend on the accumulation of data over time. The author also proposes considering indicative values that allow effectiveness to be assessed, which makes some forecasting of the overall cyber defense situation possible.
License
Copyright (c) 2024 Валерій Єрмошин
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.