Метод визначення пріоритетів ІТ-інцидентів на об’єктах критичної інформаційної інфраструктури держави

V.M. Sydorenko; A.A. Polozhentsev; S.Y. Sydorenko; A.A. Skurativskyi

doi:10.18372/2073-4751.78.18967

Authors

V.M. Sydorenko National Aviation University https://orcid.org/0000-0002-5910-0837
A.A. Polozhentsev National Aviation University https://orcid.org/0000-0003-0139-0752
S.Y. Sydorenko National Aviation University https://orcid.org/0000-0002-7170-123X
A.A. Skurativskyi National Aviation University https://orcid.org/0009-0000-0566-2394

DOI:

https://doi.org/10.18372/2073-4751.78.18967

Keywords:

critical infrastructure, critical information infrastructure, critical information infrastructure facilities, IT incidents, ITIL, IT incident prioritization

Abstract

The article is devoted to the development of a method for prioritizing IT incidents at critical information infrastructure facilities of the state. The study considers the main approaches to classifying and managing IT incidents, such as ITIL, COBIT, ISO/IEC 20000 and NIST Cybersecurity Framework. The proposed method is based on the use of the pairwise comparison method (AHP) to assess and prioritize threats, taking into account their impact on different levels of critical facilities. The article describes in detail the stages of method development, including threat identification, local and global prioritization, and synthesis of the results obtained for effective IT security management. The proposed approach allows rational allocation of resources, ensuring the reliability and resilience of critical information infrastructure. Experimental studies confirm the practical value of the method, which makes it a useful tool for increasing the level of security and effective response to IT incidents in the face of modern threats to IT-security.

References

Король О. Г., Огурцова К. В., Євсеєв С. П. Оцінка ризику реалізації загроз безпеки у телекомунікаційних системах. Автоматика, телемеханіка, зв’язок. Збірник наукових праць ДонІЗТ. 2013. № 36. С. 55–63.

Mokhor V. V., Honchar S.F. Evaluation of risks of cyber security of information systems of objects of critical infrastructure. Electronic modeling. Vol. 41, no. 6. P. 65–76. DOI: 10.15407/emodel.41.06.065

Jablanski D. Method for Determining the State of Protection of Critical Information Infrastructure Objects from IT Risks. Наукові дослідження з кібербезпеки. URL: https://www.researchcybersecurity.com/state-protection-method/ (дата звернення: 01.06.2024).

Anuar N. et al. A risk index model for security incident prioritization. 9th Australian Information Security Management Conference : proceedings, Perth, WA, Australia, 05–07 December 2011 / 2011. P. 25–39.

Качинський А. Б., Варичева Д. І., Свириденко С. В. Ефективне управління ІТ-інцидентами в критичній інформаційній інфраструктурі. Інформація і право. 2016. № 2(17). C. 114–126.

Nosal K., Solecka K. Application of AHP method for multi-criteria evaluation of variants of the integration of urban public transport. Transportation Research Procedia. 2014. Vol. 3. P. 269–278. DOI: 10.1016/j.trpro.2014.10.006.

Saaty T. L. Decision making with the analytic hierarchy process. International Journal of Services Sciences. 2008. Vol. 1(1). P. 83–98. DOI: 10.1504/ijssci.2008.017590.

Закон України про критичну інфраструктуру. Верховна Рада України. URL: https://zakon.rada.gov.ua/laws/show/1882-20#Text (дата звернення: 01.06.2024).

Кабінет Міністрів України. Деякі питання об’єктів критичної інфраструктури: Постанова від 9 жовтня 2020 р. № 1109. URL: https://zakon.rada.gov.ua/laws/show/1109-2020-%D0%BF#Text (дата звернення: 01.06.2024).

ITIL Foundation: ITIL 4 Edition. ITIL 4 Best Practice. URL: https://www.axelos.com/certifications/itil-certifications/itil-foundation (date of access: 01.06.2024).

A method for prioritizing IT incidents at critical information infrastructure facilities of the state

Authors

DOI:

Keywords:

Abstract

References

Downloads

Published

How to Cite

Issue

Section

License

Developed By

Language

Information

Make a Submission