Serhii Yevseiev,Oleksandr Laptiev,Sergii Lazarenko,Anna Korchenko,Iryna Manzhul

DOI: https://doi.org/10.21303/2461-4262.2021.001615

2021-01-29

Abstract:The article analyzes the parameters of social networks. The analysis is performed to identify critical threats. Threats may lead to leakage or damage to personal data. The complexity of this issue lies in the ever-increasing volume of data. Analysts note that the main causes of incidents in Internet resources are related to the action of the human factor, the mass hacking of IoT devices and cloud services. This problem is especially exacerbated by the strengthening of the digital humanistic nature of education, the growing role of social networks in human life in general. Therefore, the issue of personal information protection is constantly growing. To address this issue, let’s propose a method of assessing the dependence of personal data protection on the amount of information in the system and trust in social networks. The method is based on a mathematical model to determine the protection of personal data from trust in social networks. Based on the results of the proposed model, modeling was performed for different types of changes in confidence parameters and the amount of information in the system. As a result of mathematical modeling in the MatLab environment, graphical materials were obtained, which showed that the protection of personal data increases with increasing factors of trust in information. The dependence of personal data protection on trust is proportional to other data protection parameters. The protection of personal data is growing from growing factors of trust in information. Mathematical modeling of the proposed models of dependence of personal data protection on trust confirmed the reliability of the developed model and proved that the protection of personal data is proportional to reliability and trust

English Else

V. M. Akhramovych,

DOI: https://doi.org/10.31673/2412-4338.2021.046277

2021-01-01

Telecommunication and information technologies

Abstract:With the development of digital and information technologies, electronic theft, forgery of documents, etc. began to appear. Criminals have mastered a new space and cause damage, stealing data not only from commercial organizations, for example, Borovikov systems, but also personal files of the average user. The service of protecting information on a PC has already become popular. Users are increasingly becoming aware of the importance of technical security of data stored on electronic devices. Not all users can take care of the security of private files and configure protection on their PC. Therefore, the article is devoted to the issue of quantifying the information security indicator on a computer, depending on the impact on the information structure of various types of internal and external threats (reflects: identification and authentication of users, control of data integrity and authenticity, data backup, delimitation of access to information, Firewall operation (packet filter), audit, antivirus, failures of software and hardware components, speed of information leakage, the effect of the amount of information on their leakage, the effect of information security threats from the loss of trust between users, the effect of the size of the computer system on security, the impact of computer security on information leakage). To solve the specified tasks, a mathematical model of information protection in a PC based on a system of differential equations was developed and solutions were simulated in the MatLab system. Three options for solving the equation near the steady state of the system were considered (a more visual analysis of the system’s behavior was performed, with a transition from the differential form of the equations to a discrete one and modeling of a certain interval of the system’s existence), it was concluded that, based on the conditions of the ratio of dissipation and the natural frequency of fluctuations of the magnitude, damping the latter up to a certain value is carried out periodically, with a decaying amplitude, or according to an exponentially decaying law. Taking into account the impact of the specified parameters on information protection and the possibility of determining a quantitative indicator of protection, PC users will be able to independently assess the impact of each component of threats and make adequate protection decisions.

П.С. ИВЛИЧЕВ,Н.А. ИВЛИЧЕВА

DOI: https://doi.org/10.34925/eip.2023.159.10.192

2023-12-04

Экономика и предпринимательство

Abstract:В статье проводится анализ модели CVSS для информационных систем предприятий с одним периметром безопасности. Определяются условия, при котором угроза кибербезопасности будет являться критической. Сформулированы основные положения управления рисками безопасности информационной системы организации. Приведены рекомендации по применению методов защиты информации для нейтрализации критических угроз информационной безопасности. The article analyzes the CVSS model for enterprise information systems with a single security perimeter. The conditions under which the threat to cybersecurity will be critical are determined. The main provisions of the organization's information system security risk management are formulated. Recommendations on the use of information protection methods to neutralize critical threats to information security are given.

E. A. Russkevich

DOI: https://doi.org/10.21869/2223-1501-2023-13-5-75-86

2023-12-05

Abstract:Relevance. Ensuring the effective protection of an individual's personal data is of high and enduring importance. Despite the efforts made, in Russia the situation in this regard is deteriorating every year more and more incidents with the leakage of personal data of millions of citizens occur. All this not only generates distrust in the efforts of the state to build a digital economy and e-government, but also acts as a powerful determinant of a number of other crimes (primarily against property). The purpose is to obtain new scientific knowledge about the features, problems and prospects of the criminal law protection of personal data of an individual. The objectives of the study is to identify the problems of implementing the mechanism of criminal law protection of personal data of citizens. Methodology. The methodological base of the research is made up of general scientific and particular scientific methods of cognition of reality, such as analysis, synthesis, induction, formal-legal, abstract-logical and others. Results. In the course of the study, statistical data on the dynamics of infringement on personal data in Russia, law enforcement practice available in the public domain, doctrinal sources and analytical materials were analyzed, interviews were conducted with specialists. Taken together, this made it possible to formulate original provisions that develop the domestic theory of criminal law, to develop recommendations aimed at overcoming the problems of law enforcement in cases of infringement of personal data. Conclusions. Digitalization has led to an increase in social tolerance for violations in the field of inviolability of personal data and privacy. It seems promising to implement a model of differentiation of criminal liability depending on the number of victims of the disclosure of personal data. The mechanism of criminal law protection requires improvement in terms of the development of biometric data technologies. The significance of such personal information requires a differentiated approach to establishing responsibility for illegal actions in relation to biometrics.

Oleksandr Laptiev,Valentyn Sobchuk,Andrii Sobchuk,Serhii Laptiev,Tatiana Laptieva

DOI: https://doi.org/10.28925/2663-4023.2021.12.1928

2021-06-24

Abstract:In modern conditions, an important role in ensuring the information security of the enterprise and especially its economic component belongs to the processes of information security of the state as a whole. The key role in building security systems of information resources as components of national information resources of the state is played by theory and practice, in which the scientific and methodological basis is the basis for making sound and effective management decisions of the information security of the state at all levels. The article analyzes the approaches to estimating the assessment of economic costs for the information security system. The base model is selected. Using the basic model of assessing the level of protection of information in the social network from external influences on the information social resource, improvements were made to assess the economic feasibility of implementing a mechanism of technical means of information protection in social networks depending on the value of information. The improvement is based on the assumption that the amount of funds allocated by the attacking party is equal to the value of the information, the value of the information is the same for both parties, and the opposing parties are on equal terms. The main parameters on which the efficiency of the proposed model of estimating economic costs depends. The efficiency of the proposed model of estimating economic costs depends on the accuracy of formulating the probability of success of protection and determining the value of information. The prospect of further research and development may be aimed at taking into account in the model additional factors that affect the estimation of costs for the information security system, which will allow calculations to be performed with greater accuracy.

DOI: https://doi.org/10.26565/2075-1834-2020-29-38

2020-01-01

Abstract:The article is devoted to the research of legal and organizational principles of ensuring information security of states in the modern conditions of development of information society. Theoretical approaches to the definition of the essence of «information security» and «national security» are analyzed and their interrelation is proved. The urgency of the chosen topic of scientific research is caused by the fact that confrontation in the information sphere becomes a fundamentally new sphere of competition between the states. The rapid pace of development of information and communication technologies, creation of a global information space has led to many cybernetic threats in important spheres of political, economic, social and cultural life of society. The paper presents the results of the analysis of information security of the state as a factor of influence on the national security of the state as a whole, and thus defines information security as an integral part of national security. Given the magnitude of the global information challenge, the inability to address these issues through the efforts of individual states, the article explores the issue of international cooperation in providing international information security within the United Nations. The contents of the basic international legal acts adopted by the UN General Assembly, which indicate the threats to the international security of the information space and the need for the states to take joint action to counter the challenges in the field. Particular attention is paid to the peculiarities of regional cooperation of states in providing information security within the European Union. It is determined that this area of EU activity is one of the priorities for today. The main EU normative acts are analyzed, which present the European approach to the problem of information security. The general characteristics of the activities of the special bodies of the EU (European Union Agency for Network and Information Security - ENISA, European Cybercrime Centre), whose activities are aimed at providing information security, are given. The article explores the issues of guaranteeing information security of Ukraine and protection of the national information space. The types of real and potential information threats to the information space of Ukraine are revealed, as well as practical recommendations are given on improving the state information policy and creating an effective system of counteracting cyberspace threats. Emphasis is placed on the fact that state information policy should reflect urgent issues that have arisen in the international information and information security sphere. Effective implementation of strategic priorities, basic principles and tasks of the state information security policy requires improvement of legal and organizational mechanisms of information security management.

A. M. Konakov,A. G. Pevneva

DOI: https://doi.org/10.21822/2073-6185-2023-50-4-109-114

2024-01-23

Abstract:Objective . The purpose of the study is the functionality of designing, building and implementing protection systems taking into account the time factor. Method . The analysis of the functional interaction of the construction of three sequentially interconnected dynamic models and data transfer between them is carried out. Result . A general model of the system of protection and forecasting of possible threats in ensuring the security of information and infrastructure, taking into account the time factor, has been developed and proposed for implementation. Conclusion . The field of information security considered in the article is a necessary component of ensuring the protection of information resources and related systems from various threats. The application of the basics of dynamic modeling of data, processes and structures in terms of time, allows you to assess risks and threats, identify certain significant shortcomings and eliminate them, thereby optimizing costs, increasing the efficiency of ensuring security

A. Muratov,S. Khasanov,Оlga Purchina,Аnna Poluyan,Dmitry Fugarov

DOI: https://doi.org/10.1051/e3sconf/202337103066

2023-03-01

E3S Web of Conferences

Abstract:In the age of rapidly developing information technologies, when the process of informatization has long touched almost all aspects of human life, it is impossible to imagine a single company that would not use a computer network for its functioning. And also with the development of the software and hardware infrastructure of companies, security requirements are growing. But business development through the introduction of the Internet only increases the number of threats associated with the availability, integrity and confidentiality of information. The development of antivirus software, intrusion detection and prevention systems does not fundamentally change the statistics on the number of attacks on enterprises. The number and variety of attacks on information systems is growing every year, and financial losses from the introduction of computer viruses and unauthorized access to the system are growing proportionally. Artificial intelligence (AI) is present in all areas of our activities. Whether it is a household area or a commercial one. In this regard, the use of AI in the fields of information security is more often observed, which is a promising area of research. The article describes the ways of possible application of artificial intelligence methods in the field of information protection, and also proposes an algorithm for the system of information protection from abnormal requests. The use of an artificial immune algorithm makes it possible to increase the effectiveness of threat detection by comparison with existing analogues. A distinctive feature of these methods is the ability of these systems to solve multidimensional problems of enormous computational complexity in real time.

Сергій Толюпа,Сергій Штаненко,Serhiі Tolіupa,,Serhii Shtanenko,

DOI: https://doi.org/10.17721/ists.2023.1.28-36

2023-01-01

Information systems and technologies security

Abstract:An effective solution to the problems of analysis and synthesis of information security management systems can not be provided by simple ways of simply describing their behavior in different conditions - systems engineering solves problems that require quantitative evaluation of characteristics. Such data, obtained experimentally or by mathematical modeling, should reveal the properties of information security management systems. The main one is efficiency, which means the degree of compliance of the results of information protection to the goal. The latter, depending on the resources available, the knowledge of developers and other factors, can be achieved to one degree or another, and there are alternative ways to implement it. In a number of publications the authors propose the basics of the categorical apparatus of set theory, which allows to explain the relationship between sets of threats and sets of information protection system, which allows to build different mathematical models to analyze information exchange systems in critical application systems. At present, the creation of information security management systems is not possible without research and generalization of world experience in building information systems and their constituent subsystems, one of the key of which are information protection and intrusion prevention systems. Components of the process of attacking the mechanisms of protection and blocking or destruction of cyber threats themselves are components of the mathematical support of such systems. The basis of such models is the mathematical apparatus, which should ensure the adequacy of modeling of information security processes for any conditions of cyber threats. When defining the mathematical apparatus, it is necessary to clearly understand how certain sets of cyber threats are built, and how the sets of cyber threat sets, sets of security system elements and sets of cyber attack detection systems, which should control the correctness of the information security process. The article analyzes various options for building models of information security management system and creates a mathematical model that takes into account the internal relationships of different subsets of components of the information security system under the influence of cyber threats.

Svitlana Lehominova,Halyna Haidur

DOI: https://doi.org/10.28925/2663-4023.2023.22.5467

2023-01-01

Abstract:Taking into account the process of complication of the geopolitical and geoeconomic landscape space, the development of information technologies and the formation of new security challenges associated with the emergence of new cyber threats, there is a need for constant monitoring and forecasting of them in order to prevent consequences in the form of damage and leakage of valuable and confidential information. The authors analyzed the new predictable cyber security threats to organizations, with special attention paid to the protection of endpoints. Threats identified in the field of artificial intelligence development (underground development of malicious Large Language Models (LLM); “Script Kiddies” update; voice fraud for social engineering, which is created by artificial intelligence); changing trends in the behavior of threat actors (attacks on supply chains against managed file transfer solutions, malware threats that are becoming multilingual); as new emerging threats and attack methods (growing QR code rivalry; stealth attacks on peripheral devices; Python implementation in Excel creating a potentially new vector for attacks; LOL drivers changing action algorithms). The resulting detection of future threats emphasizes the need for strategic planning for the adoption of new technologies and platforms: such as Endpoint Detection and Response (EDR) capabilities, as well as the use of EDR as part of a multi-instrumented enhanced detection and response (XDR) architecture. Gartner’s research has been proven to have a tremendous impact on improving organizations’ threat detection capabilities by providing valuable insight into the strengths and weaknesses of each cybersecurity service provider with respect to emerging threat intelligence, by focusing organizations’ attention on opportunities to identify gaps in their existing security infrastructure and adopt sound decisions to invest in additional solutions or services that effectively address these gaps. The spheres of activity of the world’s leading companies were analyzed, their connection with Ukrainian companies was found, and further cooperation was proposed for the effective protection of national cyberspace.

Konrad Trzonkowski,Olena Khalina,Paulina Kolisnichenko,Nataliia Rozumovych,Oleksandr Zhyhulin

DOI: https://doi.org/10.34069/ai/2023.69.09.28

2023-09-30

Revista Amazonia Investiga

Abstract:The aim of the article was to study the characteristics of the formation of an information system to implement the administrative and legal mechanism to ensure financial and economic security under the influence of cyber threats. The research methodology involved the use of hierarchical and pairwise comparison analysis, as well as the method of expert analysis, with the help of academic documentary sources. As a result of the study, the main cyber threats in the information system of the administrative and legal mechanism for ensuring financial and economic security were identified and ordered according to their level of influence. This order will allow the management apparatus to understand, at least in theory, the hierarchy of importance of existing threats and subsequently use the latter to build information systems. Everything allows to conclude that, by analyzing the obtained results, a methodical approach to the assessment of cyber threats to financial and economic security was formed. However, the study has its limitations, as for the formation of the above-mentioned information systems, a small number of cyber threats were adopted, which are also characteristic for a particular country like Ukraine.

O.I. Peliukh,M.V. Yesina,D.Yu. Holubnychyi

DOI: https://doi.org/10.30837/rt.2024.1.216.03

2024-03-20

Radiotekhnika

Abstract:In the modern world, information and communication systems (ICS) have become an integral part of our lives, processing, storing and transmitting information. However, this dependence makes them extremely vulnerable to various threats. The article examines the current threats that call into question the normal functioning of ICS. The authors emphasise the constant evolution of these threats, which makes them more complex and dangerous. This necessitates constant research and development of new methods and means of information protection, as well as raising awareness of ICS users about cyber threats. The purpose of the article is to study modern ICS threats and develop recommendations for improving the level of information security (IS). The article provides a classification of ICS IS threats by various criteria: by the basic principles of the cybersecurity triad (confidentiality, integrity and availability), by sources of threats (internal and external), by the amount of damage caused (from general to private), by the degree of impact (passive and active) and by the nature of occurrence (natural and artificial). The article reveals the sources of threats to ICS security: unintentional (related to user errors, software failures or hardware failures) and intentional (cyber-attacks aimed at causing damage to ICS). Particular attention is paid to cyberattacks that are becoming more widespread. The authors describe different types of cyberattacks, as well as methods and means of their implementation. An important aspect of the article is the development of recommendations for improving the level of security. Along with the technical aspects of protection, the article considers the importance of implementing organisational measures such as security policy, access control and privilege management. The article also draws attention to the importance of complying with international and national standards for the protection of information in ICS. These measures help to avoid leakage or prevent unauthorised access to valuable information.

Denys A. Flores,Ricardo Perugachi

DOI: https://doi.org/10.48550/arXiv.2306.04783

2023-06-08

Abstract:Computer systems process, store and transfer sensitive information which makes them a valuable asset. Despite the existence of standards such as ISO 27005 for managing information risk, cyber threats are increasing, exposing such systems to security breaches, and at the same time, compromising users' privacy. However, threat modelling has also emerged as an alternative to identify and analyze them, reducing the attack landscape by discarding low-risk attack vectors, and mitigating high-risk ones. In this work, we introduce a novel threat-modelling-based approach for risk management, using ISO 27005 as a baseline for integrating ISO 27001/27002 security controls with privacy regulations outlined in the European General Data Protection Regulation (GDPR). In our proposal, risk estimation and mitigation is enhanced by combining STRIDE and attack trees as a threat modelling strategy. Our approach is applied to an IoT case study, where different attacks are analyzed to determine their risk levels and potential countermeasures.

Cryptography and Security

Nader Sohrabi Safa,Carsten Maple,Steve Furnell,Muhammad Ajmal Azad,Charith Perera,Mohammad Dabbagh,Mehdi Sookhak

DOI: https://doi.org/10.1016/j.future.2019.03.024

IF: 7.307

2019-08-01

Future Generation Computer Systems

Abstract:Previous studies show that information security breaches and privacy violations are important issues for organisations and people. It is acknowledged that decreasing the risk in this domain requires consideration of the technological aspects of information security alongside human aspects. Employees intentionally or unintentionally account for a significant portion of the threats to information assets in organisations. This research presents a novel conceptual framework to mitigate the risk of insiders using deterrence and prevention approaches. Deterrence factors discourage employees from engaging in information security misbehaviour in organisations, and situational crime prevention factors encourage them to prevent information security misconduct. Our findings show that perceived sanctions certainty and severity significantly influence individuals’ attitudes and deter them from information security misconduct. In addition, the output revealed that increasing the effort, risk and reducing the reward (benefits of crime) influence the employees’ attitudes towards prevent information security misbehaviour. However, removing excuses and reducing provocations do not significantly influence individuals’ attitudes towards prevent information security misconduct. Finally, the output of the data analysis also showed that subjective norms, perceived behavioural control and attitude influence individuals’ intentions, and, ultimately, their behaviour towards avoiding information security misbehaviour.

M. Bielova,D. Byelov

DOI: https://doi.org/10.24144/2307-3322.2023.79.2.2

2023-10-25

Abstract:With the development of artificial intelligence technologies, there are new opportunities to use personal data for various purposes, such as machine learning, process automatization and management of large volumes of information. However, along with these opportunities, questions arise regarding the protection of personal data privacy and the observance of human rights. This article aims to explore the challenges and threats that are becoming relevant in the context of the use of artificial intelligence from the perspective of legal scholars. This research paper explores the challenges and threats associated with the protection of personal data when working with artificial intelligence (AI). The growing role of AI in various spheres of life causes the need to exchange and process a large amount of personal data. However, this process raises serious privacy and security issues. The article analyzes the main challenges, in particular, the instability of technological progress, which complicates the development of effective methods of personal data protection. The problem of processing a large amount of data while ensuring its confidentiality and integrity is also investigated. Important attention is paid to the problem of identification and management of risks related to the protection of personal data in the context of AI. The article also identifies threats to the security of personal data when working with AI. The author consider the possibility of unauthorized access to personal data, identity theft, and the possibility of using AI to manipulate data for the purpose of fraud or discrimination. The problem of algorithmic bias and the risks of insufficient anonymization of data are also analyzed in the present article. The article concludes with recommendations and strategies for protecting personal data when working with AI. In particular, the need to establish strict rules and regulations for the processing of personal data, the use of encryption and anonymization of data, the development of control mechanisms and verification of compliance with security policies, as well as the education and awareness raising of users regarding the protection of personal data.

Hyoung-Gyu Kim,Min-Ho Kim,Jung-Sook Kwon,Yong-Lak Choi

DOI: https://doi.org/10.9716/kits.2014.13.2.163

2014-06-30

Journal of the Korea society of IT services

Abstract:Personal information has been stolen continuously and it is also affected from development of the Internet. So the government requires that companies spend more effort for protecting customers' personal information. The OLAP server also should meet this requirement, but it is hard to satisfy for the authority management. The OLAP server must use personal information to extract required information from database. This thesis suggests a model of separating between general information and personal information, so this model can help to minimize the leakage of personal information. The model is implemented and tested as a prototype. This prototype can prove that the new model is better than the original one. This study presents that the authority management on the separation between personal information and general information helps protect the personal information of customers.

Yulia Yu. Kosenkova,Sergei V. Romanovskii,Elena P. Tsatskina,,,

DOI: https://doi.org/10.28995/2686-679x-2023-2-46-69

2023-01-01

Abstract:The current stage of Russian society development is characterized by the implementation of measures aimed at the development of digital technologies and their introduction into various spheres of the economy. An example of an innovative digital breakthrough in Russia is the Federal Tax Service, which accumulates significant amounts of confidential information, maintains a large number of registries, and implements a large number of services, including those not related to taxation. The realization of threats to information security in relation to information and communication technologies of the Federal Tax Service can lead to negative consequences. The purpose of the study is to build a model that allows assessing the probability of occurrence of the threats in question and their impact on digital interaction system between tax authorities and taxpayers, and the security of databases formed by tax authorities. The study applies universal methods of scientific cognition and mathematical methods for the construction of a risk assessment model. As a result, a model is proposed that allows assessment of information security risks, which information and communication technologies of the Federal Tax Service of Russia are exposed to. The proposed model can be used both at various levels of tax administration and in other spheres of state and municipal administration.

Dmitrii E. Belomoytsev,,Tamara M. Volosatova,Anastasiya A. Kozar,Mikhail V. Filippov,Nikolai V. Chichvarin,,,,

DOI: https://doi.org/10.28995/2686-679x-2021-3-52-73

2021-01-01

Abstract:The article presents results of researches and the analysis of means of unauthorized access and Directors of hindrances to means of communication and navigation of aircraft. It also shows that the issue of protecting automated systems of aviation equipment from threats to information security is becoming increasingly important in the context of an increase in the level of automation for prospective aircraft engines, onboard equipment, systems and units of aircraft, an increase in the complexity of onboard information systems. There is an analysis in the means of electronic warfare, capable of influencing the flight of an aircraft, both intentionally and unintentionally. There also is a statistical inference of aviation accidents on various aircraft flight phases. The airplane mathematical model constructed taking into account hindrances and harmful impacts on the onboard equipment is developed. Static stability of the plane longitudinal movement taking into account the external environment is investigated. The article gives results of a numerical experiment showing offered mathematical model high degree of adequacy. The materials of the publication contain the results of theoretical research and numerical experiment conducted using a mathematical model of the dynamics of controlled flight of the aircraft under the action of both natural noise and intentional harmful effects on the means of communication and navigation of AIRCRAFT, as well as hacker attacks on onboard computing facilities. The model is implemented in Matlab/Simulink, which allows building a workstation simulator. That in turn allows for taking into account the “human factor” when modeling the flight of an aircraft.

I. V. Diorditsa,I. A. Kovalenko,O. M. Koval

DOI: https://doi.org/10.24144/2307-3322.2024.82.2.22

2024-05-23

Abstract:The growing number of breaches of the privacy and security of electronic data is raising outrage and concern among users and professionals in many industries, particularly in the medical field. Risks associated with insufficient security of medical data include the possibility of unauthorized access to personal medical information, its falsification, as well as the disclosure of confidential data without the consent of patients. This can have serious consequences for patients, including violations of their privacy, fear of losing confidential information, and even the possibility of inaccurate diagnosis or treatment due to falsification of medical records. Therefore, to protect medical data and ensure their confidentiality, it is necessary to pay special attention to the implementation of appropriate cyber security measures and compliance with relevant legal norms and standards. This includes the development of modern data encryption technologies, regular training of medical personnel on cyber security issues, as well as strict implementation of regulations on the protection of confidential information. Confidentiality of medical information in the field of health care must be considered in the context of a wide range of cultural, social and religious beliefs and traditions. Some medical data can be particularly sensitive and private, such as information about reproductive health, mental disorders, HIV/ AIDS treatment, and adolescent health services. According to the Law of Ukraine «On Protection of Personal Data» personal data is information or a set of information about a natural person who is identified or can be specifically identified. Article 2 of the 1981 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data defines personal data as any information relating to a specifically identified person or a person who can be specifically identified. This means that any information that allows or can allow the identification of a specific person is considered personal data and is subject to protection under this convention. This definition is a general standard used in many countries and international legal acts to ensure the protection of privacy and confidentiality of personal data. It covers a wide range of information, including name, address, phone number, email, health information, financial information, and much more.

Vitaliy Chubaievskyi,Valerii Lakhno,Olena Kryvoruchko,Dmytro Kasatkin,Alona Desiatko,Andrii Blozva

DOI: https://doi.org/10.28925/2663-4023.2021.12.96107

2021-06-24

Abstract:The article analyzes publications on the evaluation of investments in information security (IS) of objects of informatization (OBI). The possibility and necessity of obtaining the necessary data have been substantiated, contributing to a reliable assessment of the effectiveness of measures aimed at increasing the company’s IS. In the study process, the modelling methods have been used. A methodology is proposed for calculating indicators from investment activities in the context of increasing IS metrics of OBI. A specific example of such simulation is described. The proposed methodology provides an assessment of the damage prevention from a cyber-attack. The amount of the damage prevention from a cyber-attack is taken as a basic indicator for calculating the economic effect of investing in information security tools (IST). The performed simulation modelling allowed taking into account the relative uncertainty of the real situation with IS of OBI. The conducted study will help practitioners in the field of IS to obtain informed decisions to increase the efficiency of investment projects in the field of IS for OBI, using the approach outlined in the study. Unlike the existing ones, the proposed methodology takes into account both direct and indirect factors of investment projects in the field of IS of OBI