EVOLUTION OF INTEGRATED INFORMATION SECURITY SYSTEMS AND THE INTEGRATION OF BLOCKCHAIN TECHNOLOGIES IN THE CYBER PROTECTION OF STATE INFORMATION SYSTEMS OF UKRAINE
DOI:
https://doi.org/10.28925/2663-4023.2025.30.975Keywords:
Integrated Information Security System (IISS), blockchain, cybersecurity, state information resources, critical information infrastructure, risk management, security profile, Law of Ukraine No. 4336-IX, distributed ledgers, data integrity, cryptographic protection, auditing, ISO/IEC 27001, ISO/IEC 27701, GDPRAbstract
The article examines the evolution of the concept of Integrated Information Security Systems (IISS) in the context of the digital transformation of the public sector, modernization of the national cybersecurity framework, and harmonization of Ukrainian legislation with international information security standards. The study reveals the relationship between classical approaches to building IISS – based on mandatory certification of technical protection complexes – and the modern paradigm of risk-oriented security management introduced by the new Law of Ukraine No. 4336-IX “On Amendments to Certain Laws of Ukraine on the Protection of Information and Cybersecurity of State Information Resources and Critical Information Infrastructure Objects.” The research emphasizes the shift from a formal certification model to a process-oriented approach based on security profiles, risk management, continuous monitoring, and security auditing.
Special attention is devoted to analyzing the potential of blockchain technologies in enhancing the resilience of state information systems against cyberattacks, insider threats, and unauthorized data modifications. The study substantiates the feasibility of using distributed ledgers to ensure the immutability, authenticity, transparency, and accountability of information processes. It is determined that blockchain can serve as an innovative component of the modern IISS architecture, complementing cryptographic protection mechanisms, access control, user activity auditing, and event monitoring.
A conceptual model of blockchain integration into the traditional structure of IISS is proposed, forming a new trust ecosystem within state information resources. The combination of technological innovation with the legal requirements of Law No. 4336-IX creates a foundation for improving the effectiveness of the national cybersecurity system.
The purpose of the study is to substantiate the scientific, methodological, and technological directions for the modernization of Ukraine’s Integrated Information Security Systems through the integration of blockchain technologies in protecting state information resources in accordance with current legislation and international standards ISO/IEC 27001, ISO/IEC 27701, and GDPR.
Downloads
References
Balatska, V. S., & Opirskyy, I. R. (2023). Ensuring personal data confidentiality and cybersecurity through blockchain. Cybersecurity: Education, Science, Technology, (4)(20), 6–19. https://doi.org/10.28925/2663-4023.2023.20.619
Zakon Ukrainy “Pro zakhyst informatsii v informatsiino-komunikatsiinykh systemakh” vid 05.07.1994 r. № 80/94-VR. Vidomosti Verkhovnoi Rady Ukrainy.
Zakon Ukrainy № 4336-IX vid 27.03.2025 r. “Pro vnesennia zmin do deiakykh zakoniv Ukrainy shchodo zakhystu informatsii ta kiberzakhystu derzhavnykh informatsiinykh resursiv, obiektiv krytychnoi informatsiinoi infrastruktury”. Vidomosti Verkhovnoi Rady Ukrainy, 2025.
DSTU 3396.2-96. (1996). Zakhyst informatsii. Tekhnichnyi zakhyst informatsii. Terminy ta vyznachennia . Kyiv: Derzhstandart Ukrainy.
DSTU ISO/IEC 27005:2019. (2019). Informatsiini tekhnolohii. Metody zakhystu. Keruvannia ryzykamy informatsiinoi bezpeky. Kyiv: DP “UkrNDNC.”
ISO/IEC 27001:2022. (2022). Information security, cybersecurity and privacy protection – Information security management systems – Requirements. Geneva: ISO.
ISO/IEC 27701:2019. (2019). Security techniques – Extension to ISO/IEC 27001 and 27002 for privacy information management – Requirements and guidelines. Geneva: ISO.
National Institute of Standards and Technology (NIST). (2018). Framework for improving critical infrastructure cybersecurity (Version 1.1). Gaithersburg, MD: NIST.
European Union Agency for Cybersecurity (ENISA). (2020). Risk management guidelines for the European Union. Athens: ENISA.
Natsionalna stratehiia u sferi kiberbezpeky Ukrainy na 2021–2025 rr. (2021). Ukaz Presydenta Ukrainy vid 26.08.2021 r. № 447/2021. Ofitsiinyi visnyk Presydenta Ukrainy.
Rozporiadzhennia Kabinetu Ministriv Ukrainy № 160-r vid 07.03.2023 r. Pro zatverdzhennia planu zakhodiv iz realizatsii Natsionalnoi stratehii u sferi kiberbezpeky Ukrainy na 2023–2025 roky. Kyiv, 2023.
Ministerstvo tsyfrovoi transformatsii Ukrainy. (2021). Tsyfrova stratehiia Ukrainy–2030. Kyiv, 48 p.
Organisation for Economic Co-operation and Development (OECD). (2018). Blockchains unchained: Blockchain technology and its use in the public sector. Paris: OECD.
Swan, M. (2015). Blockchain: Blueprint for a new economy. Sebastopol, CA: O’Reilly Media.
Crosby, M., Pattanayak, P., Verma, S., & Kalyanaraman, V. (2016). Blockchain technology: Beyond Bitcoin. Applied Innovation Review, 2, 6–19.
Zyskind, G., & Nathan, O. (2015). Decentralizing privacy: Using blockchain to protect personal data. IEEE Security & Privacy Workshops, 180–184.
Androulaki, E., et al. (2018). Hyperledger Fabric: A distributed operating system for permissioned blockchains. Proceedings of the EuroSys Conference 2018.
Finck, M. (2019). Blockchain and the GDPR. Brussels: European Parliamentary Research Service (EPRS).
Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for information security management. Journal of Information Security, 4(2), 92–100.
Balatska, V., Opirskyy, I., & Slobodian, N. (2024). Blockchain for enhancing transparency and trust in government registries. In Cybersecurity Providing in Information and Telecommunication Systems II (CPITS-II 2024) (pp. 50–59). Kyiv, Ukraine. https://ceur-ws.org/Vol-3826/
Balatska, V. S., & Dmytriv, N. M. (2025). Inter-organizational exchange of confidential personal data based on permissioned blockchain. Cybersecurity: Education, Science, Technology, 2(29), 178–193. https://doi.org/10.28925/2663-4023.2025.29.875
Balatska, V. S., Poberezhnyk, V. O., Stefankiv, A. V., & Shevchuk, Y. A. (2025). Development of a method for ensuring the reliability and security of personal data in blockchain systems of state registers. Computer Systems and Networks, 7(1), 1–16. https://doi.org/10.23939/csn2025.01.001
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Valeriia Balatska
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
