METHOD OF STRATEGIC PLANNING OF CYBERSECURITY MEASURES BASED ON THE SWOT CONCEPT
DOI:
https://doi.org/10.28925/2663-4023.2025.30.953
Keywords:
strategic planning, cybersecurity, critical infrastructure, SWOT model, risk assessment, multicriteria optimization, situational center, information security, fuzzy logic, decision making.
Abstract
The paper proposes a method for strategic planning of cybersecurity measures for critical infrastructure objects, developed on the basis of a formalized SWOT model that integrates qualitative analysis of strengths, weaknesses, opportunities, and threats with quantitative assessment of risks, costs, and the effectiveness of protective actions. Unlike the classical descriptive SWOT analysis, which lacks analytical consistency, the proposed approach involves constructing a mathematical model of strategic planning in which each factor is represented by a weighted set, and the relationships between internal and external factors are defined through a strategic influence matrix. An integrated risk coefficient is introduced, taking into account the probability of threat realization, the level of its impact on critical functions, and the residual vulnerability of the system. This enables a transition from qualitative expert assessment to an optimization problem of maximizing cybersecurity effectiveness under resource constraints. The mathematical model implements multicriteria optimization, where the objective function describes the difference between the expected efficiency of measures and the weighted cost of their implementation while maintaining the permissible level of residual risk. To select a rational set of actions, methods of fuzzy normalization of evaluations and Pareto optimization are applied, ensuring adaptive planning in a dynamic threat environment. Based on the model, an architecture of a cybersecurity situational center is developed, implementing functions of monitoring, protection level assessment, risk forecasting, and decision support at the strategic level. Modeling results demonstrated that the use of the formalized SWOT approach increases coherence between tactical and strategic decisions, reduces residual risk by 25–30%, and enhances the resilience of critical infrastructure operations. 
The proposed method can be integrated into decision-support systems of cybersecurity situational centers and serve as an analytical core of national cybersecurity platforms to strengthen the resilience and continuity of critical infrastructure.
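The selection step described in the abstract (expected efficiency minus weighted cost, under a budget and a residual-risk ceiling, plus a Pareto view) can be sketched as follows. This is an added illustration, not code or formulas from the paper. The multiplicative form of the risk coefficient, the threat and measure names, and all numbers are constructed assumptions.

```python
from itertools import combinations

# Constructed sample data (assumptions, not values from the paper).
# threat -> (probability, impact on critical functions, residual vulnerability)
THREATS = {
    "ransomware": (0.30, 0.9, 0.8),
    "phishing": (0.60, 0.5, 0.7),
    "ddos": (0.40, 0.6, 0.5),
}
# measure -> (cost, {threat: fraction of remaining vulnerability it removes})
MEASURES = {
    "offline_backups": (40, {"ransomware": 0.6}),
    "mfa": (25, {"phishing": 0.5, "ransomware": 0.2}),
    "awareness": (15, {"phishing": 0.3}),
    "scrubbing": (35, {"ddos": 0.7}),
}

def residual_risk(selected):
    """Assumed integrated risk: sum of p * impact * remaining vulnerability."""
    total = 0.0
    for threat, (p, impact, vuln) in THREATS.items():
        for m in selected:
            vuln *= 1.0 - MEASURES[m][1].get(threat, 0.0)
        total += p * impact * vuln
    return total

def cost(selected):
    return sum(MEASURES[m][0] for m in selected)

def all_plans():
    names = sorted(MEASURES)
    return [frozenset(c) for r in range(len(names) + 1)
            for c in combinations(names, r)]

def best_plan(budget, max_risk, cost_weight):
    """Maximize (risk reduction - cost_weight * cost) over feasible plans."""
    base = residual_risk(())
    feasible = [s for s in all_plans()
                if cost(s) <= budget and residual_risk(s) <= max_risk]
    if not feasible:
        return None  # no plan meets both the budget and the risk ceiling
    return max(feasible,
               key=lambda s: (base - residual_risk(s)) - cost_weight * cost(s))

def pareto_front():
    """Plans for which no other plan is both cheaper and lower-risk."""
    pts = [(cost(s), residual_risk(s), s) for s in all_plans()]
    front = [(c, r, s) for c, r, s in pts
             if not any(c2 <= c and r2 <= r and (c2 < c or r2 < r)
                        for c2, r2, _ in pts)]
    return sorted(front, key=lambda t: t[0])
```

Raising `cost_weight` shifts the chosen plan toward cheaper sets of measures, while the Pareto front lists every cost and residual-risk trade-off that a planner could defend regardless of the weight.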
License
Copyright (c) 2025 Admin Skladannyi

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.