Monika Nowikowska

DOI: https://doi.org/10.1007/978-3-030-78551-2_11

2021-10-28

Abstract:Abstract The dynamic development of technology has led to significant changes in the concept of cyberspace. Currently, it is primarily a virtual space in which we communicate with each other using computers, phones and tablets connected by a network. Cyberspace protection has now become one of the most frequently discussed security-related topics. At a time when information systems allow the collection of huge amounts of information, supervision over data security is one of the key challenges of each country and individual network users. This article describes the principles of personal data protection by national CSIRTs, which are responsible for handling and responding to computer security incidents.

Artur Szleszyński,Dominika Dudziak-Gajowiak

DOI: https://doi.org/10.5604/01.3001.0053.8961

2023-09-15

Scientific Journal of the Military University of Land Forces

Abstract:Public administration bodies are responsible for the organization of crisis management in their allocated area of responsibility. Currently, the exchange of information between elements of crisis management is carried out using the telecommunications system. Thanks to the use of remote sensing, it is possible to exchange data, and build information about the crisis phenomenon on its basis. The responsibility for the protection of information resources is incumbent on heads of municipalities, mayors of cities or marshals of voivodeships (provinces) collecting and processing data in order to carry out the tasks of their subordinate offices. One of the elements of the crisis situation will be a cyberattack carried out against the IT infrastructure of the office in order to hinder or prevent it from performing its tasks. Such incidents have taken place in Poland. Of interest is the issue of managing an incident which directly affects a given office. The article presents an analysis of the cases of cyberattacks described in the media. The paper demonstrates passive reconnaissance methods used by cybercriminals.

Spyridon Papastergiou,Haralambos Mouratidis,Eleni-Maria Kalogeraki

DOI: https://doi.org/10.1007/978-3-030-20257-6_41

2020-03-11

Abstract:This paper aims to enhance the security and resilience of Critical Information Infrastructures (CIIs) by providing a dynamic collaborative, warning and response system (CyberSANE system) supporting and guiding security officers and operators (e.g. Incident Response professionals) to recognize, identify, dynamically analyse, forecast, treat and respond to their threats and risks and handle their daily cyber incidents. The proposed solution provides a first of a kind approach for handling cyber security incidents in the digital environments with highly interconnected, complex and diverse nature.

Computers and Society

Wojciech Wróblewski,Dominik Wysocki,Łukasz Czyżewski

DOI: https://doi.org/10.12845/sft.56.2.2020.8

2020-01-01

Abstract:Aim: The contemporary nature of terrorist attacks forces the rescue services to develop and enhance their operational potential to support the system which guarantees the safety of the civilians. The tasks of the State Fire Service (PSP) in Poland in the country’s anti-terrorist protection system indicate that these units play a key role in neutralizing the effects of terrorist attacks. The tasks of the formation include conducting rescue operations in the field of saving the lives and health of people and protection of property and environment in the situation of a sudden threat, as well as undertaking activities to identify threats, including contamination with chemical and radioactive substances, and conducting initial biological recognition activities. New tools and forms in terrorist threats require much broader skills and competences of PSP officers. Introducing full preparation of PSP officers to act during terrorist events may directly and indirectly strengthen the national anti-terrorist system. Methodology: A non-probabilistic research method with targeted selection using the PAPI (Paper And Pencil Interview) tool was applied. The study was conducted among the management of PSP. The survey involved thirty seven officers, thirty-two of whom were provincial commanders and/or their deputies, as well as officers performing management tasks. The remaining five respondents were officers holding managerial positions in the PSP Headquarters. Literature and legal regulations were reviewed and analysed. Results: In the study officers representing the commanding staff of the State Fire Service were included. A vast majority of the participants of this study claimed that terrorist threats in Poland are real. Which, in turn, resulted in the need to develop far reaching educational programs that adequately prepare fire-fighters to deal with terrorist threats and activities. Conclusions: State Fire Service officers are prepared to respond to many aspects of rescue operations, however, this continues to be an area of great research potential, where the focal point of discussion should focus on the improvement of all aspects of proper and effective response of the State Fire Service terrorist events. An innovative programme that addresses these concerns is the 3P model based on three domains: prevention, practice and psychotraumatology.

Mirosław Karpiuk,Wojciech Pizło,Krzysztof Kaczmarek

DOI: https://doi.org/10.5604/01.3001.0054.2880

2023-12-31

International Journal of Legal Studies ( IJOLS )

Abstract:The objective of this paper is to analyse the threats arising from the rapid development of information and communication technologies (ICTs) without which contemporary information-based societies would not be able to function properly. The authors have advanced the thesis that most perpetrators turn to social engineering methods to carry out cyberattacks, while users of information systems are the weakest links of every cybersecurity management system. The article is also an attempt to define the notions of cybersecurity and cybersecurity management. To this end, the authors have analysed the applicable legal regulations.They have also explored cyberthreats to which small and medium-sized enterprises are exposed, and demonstrated opportunities for further research into the issues being discussed.

Thea Riebe,Marc-André Kaufhold,Christian Reuter

DOI: https://doi.org/10.1145/3479865

2021-10-13

Abstract:Besides the merits of increasing digitization and interconnectedness in private and professional spaces, critical infrastructures and societies are more and more exposed to cyberattacks. In order to enhance the preventative and reactive capabilities against cyberattacks, Computer Emergency Response Teams (CERTs) are deployed in many countries and organizations. In Germany, CERTs in the public sector operate on federal and state level to provide information security services for authorities, citizens, and enterprises. Their tasks of monitoring, analyzing, and communicating threats and incidents is getting more complex due to the increasing amount of information disseminated into public channels. By adopting the perspectives of Computer-Supported Cooperative Work (CSCW) and Crisis Informatics, we contribute to the study of organizational structures, technology use, and the impact on collaborative practices in and between state CERTs with empirical research based on expert interviews with representatives of German state CERTs (N=15) and supplementary document analyses (N=25). We derive design and policy implications from our findings, including the need for interoperable and modular architecture, a shift towards service level agreements, cross-platform monitoring and analysis of incident data, use of deduplication techniques and standardized threat exchange formats, a reduction of resource costs through process automation, and transparent reporting and tool structures for information exchange.

Ivana Cesarec

DOI: https://doi.org/10.51381/adrs.v3i1.45

2020-11-17

Annals of Disaster Risk Sciences

Abstract:States, organizations and individuals are becoming targets of both individual and state-sponsored cyber-attacks, by those who recognize the impact of disrupting security systems and effect to people and governments. The energy sector is seen as one of the main targets of cyber-attacks against critical infrastructure, but transport, public sector services, telecommunications and critical (manufacturing) industries are also very vulnerable. One of most used example of cyber-attack is the Ukraine power grid attack in 2015 that left 230,000 people without power for up to 6 hours. Another most high profile example of a cyber-attack against critical infrastructure is the Stuxnet computer virus (first used on Iranian nuclear facility) which could be adapted to attack the SCADA systems (industrial control systems) used by many critical infrastructures in Europe.Wide range of critical infrastructure sectors are reliant on industrial control systems for monitoring processes and controlling physical devices (sensors, pumps, etc.) and for that reason, physical connected devices that support industrial processes are becoming more vulnerable. Not all critical infrastructure operators in all sectors are adequately prepared to manage protection (and raise resilience) effectively across both cyber and physical environments. Additionally there are few challenges in implementation of protection measures, such as lack of collaboration between private and public sector and low levels of awareness on existence of national key legislation.From supranational aspect, in relation to this papers topic, the European Union has took first step in defense to cyber threats in 2016 with „Directive on security of network and information systems“ (NIS Directive) by prescribing member states to adopt more rigid cyber-security standards. The aim of directive is to improve the deterrent and increase the EU’s defenses and reactions to cyber attacks by expanding the cyber security capacity, increasing collaboration at an EU level and introducing measures to prevent risk and handle cyber incidents. There are lot of other „supporting tools“ for Member States countries, such as European Union Agency for Network and Information Security – ENISA (which organize regular cyber security exercises at an EU level, including a large and comprehensive exercise every two years, raising preparedness of EU states); Network of National Coordination Centers and the European Cybersecurity Industrial, Technology and Research Competence Centre; and Coordinated response to major cyber security incidents and crises (Blueprint) with aim to ensure a rapid and coordinated response to large-scale cyber attacks by setting out suitable processes within the EU.Yet, not all Member States share the same capacities for achieving the highest level of cyber-security. They need to continuously work on enhancing the capability of defense against cyber threats as increased risk to state institutions information and communication systems but also the critical infrastructure objects. In Southeast Europe there are few additional challenges – some countries even don't have designated critical infrastructures (lower level of protection; lack of „clear vision“ of criticality) and critical infrastructures are only perceived through physical prism; non-EU countries are not obligated to follow requirements of European Union and its legislation, and there are interdependencies and transboundary cross-sector effects that needs to be taken in consideration. Critical infrastructure Protection (CIP) is the primary area of action, and for some of SEE countries (like the Republic of Croatia) the implementation of cyber security provisions just complements comprehensive activities which are focused on physical protection.This paper will analyze few segments of how SEE countries cope with new security challenges and on which level are they prepared for cyber-attacks and threats: 1. Which security mechanisms they use; 2. The existing legislation (Acts, Strategies, Plan of Action, etc.) related to cyber threats in correlation with strategic critical infrastructure protection documents. Analysis will have two perspectives: from EU member states and from non-EU member states point of view. Additionally, for EU member states it will be analyzed if there were any cyber security legislation before NIS directive that meets same aims. The aim of research is to have an overall picture of efforts in region regarding cyber-security as possibility for improvement thorough cooperation, organizational measures, etc. providing also some recommendations to reduce the gap in the level of cyber-security development with other regions of EU.

Charles DeVoe,Shawon Rahman

DOI: https://doi.org/10.5121/ijnsa.2013.5201

2015-12-01

Abstract:Most small to medium health care organizations do not have the capability to address cyber incidents within the organization. Those that do are poorly trained and ill equipped. These health care organizations are subject to various laws that address privacy concerns, proper handling of financial information, and Personally Identifiable Information. Currently an IT staff handles responses to these incidents in an Ad Hoc manner. A properly trained, staffed, and equipped Cyber Incident Response Team is needed to quickly respond to these incidents to minimize data loss, and provide forensic data for the purpose of notification, disciplinary action, legal action, and to remove the risk vector. This paper will use the proven Incident Command System model used in emergency services to show any sized agency can have an adequate CIRT

Cryptography and Security,Computers and Society

Celina Sołek-Borowska,Jacek Woźniak

DOI: https://doi.org/10.1080/08874417.2024.2419566

2024-11-09

Journal of Computer Information Systems

Abstract:Data and IT systems security is a critical aspect and plays a significant role in protecting an organization's business. Organizations must safeguard their information and assets to sustain their value and reputation. Security is essential to information systems because it concerns personal and confidential data belonging to users or companies. The study aims to indicate how enterprises in Poland guarantee the security of data and IT systems, as well as to estimate the complexity of this phenomenon. We have confirmed that small and medium enterprises (SMEs) organizations with a lower level of computerization generally invest fewer resources and possess less expertise in establishing and maintaining IT security policies and strategies.

computer science, information systems

Sharifah Roziah Binti Mohd Kassim,Shujun Li,Budi Arief

DOI: https://doi.org/10.48550/arXiv.2306.07988

2023-06-09

Digital Libraries

Abstract:Many CSIRTs, including national CSIRTs, routinely use public data, including open-source intelligence (OSINT) and free tools, which include open-source tools in their work. However, we observed a lack of public information and systematic discussions regarding how national CSIRTs use and perceive public data and free tools in their operational practices. Therefore, this paper provides a systematic literature review (SLR) to comprehensively understand how national CSIRTs use and perceive public data and free tools in facilitating incident responses in operations. Our SLR method followed a three-stage approach: 1) a systematic search to identify relevant publications from websites of pertinent CSIRT organisations, 2) a conventional SLR into the research literature, and 3) synthesise data from stages one and two to answer the research questions. In the first stage, we searched the websites of 100 national CSIRTs and 11 cross-CSIRT organisations to identify relevant information about national CSIRTs. In the second stage, we searched a scientific database (Scopus) to identify relevant research papers. Our primary finding from the SLR is that most discussions concerning public data and free tools by national CSIRTs are incomplete, ad hoc, or fragmented. We discovered a lack of discussions on how the staff of national CSIRTs perceive the usefulness of public data and free tools to facilitate incident responses. Such gaps can prevent us from understanding how national CSIRTs can benefit from public data and free tools and how other organisations, individuals and researchers can help by providing such data and tools to improve national CSIRTs' operation. These findings call for more empirical research on how national CSIRTs use and perceive public data and free tools to improve the overall incident responses at national CSIRTs and other incident response organisations.

Edyta Karolina Szczepaniuk,Hubert Szczepaniuk,Tomasz Rokicki,Bogdan Klepacki

DOI: https://doi.org/10.1016/j.cose.2019.101709

2020-03-01

Abstract:The aim of the article is to characterise and assess information security management in units of public administration and to define recommended solutions facilitating an increase in the level of information security. The article is considered a theoretical-empirical research paper. The aim of theoretical research is to explain the basic terms related to information security management and to define conditions for the implementation of Information Security Management System (ISMS). Within the scope of theoretical considerations, source literature, legislation and reports are being referred to. In the years 2016-2019, empirical research has been conducted, which aim was to assess the efficiency of information security management in public administration offices. The evaluation of results of surveys was accompanied by an analysis of statistical relations between the researched variables, which enabled to define effects of European Union regulations on the delivery of information security in public administration. Results of the empirical data show that in the years 2016-2017, in public administration offices, certain problem areas in the aspect of information security management were present, which include, among others: lack of ISMS organisation, incomplete or outdated ISMS documentation, lack of regular risk analysis, lack of reviews, audits or controls, limited use of physical and technological protection measures, lack of training or professional development. In the years 2018-2019, European Union solutions, i.e. the GDPR Regulation and the NIS Directive, have affected the increase in the security level of information in public administration and have a significantly limited occurrence of identified irregularities. Results of the research enable to assume that the delivery of information security in public administration requires a systemic approach arising from the need for permanent improvement.

computer science, information systems

Moti Zwilling,Galit Klien,Dušan Lesjak,Łukasz Wiechetek,Fatih Cetin,Hamdullah Nejat Basim

DOI: https://doi.org/10.1080/08874417.2020.1712269

2020-02-14

Journal of Computer Information Systems

Abstract:Cyber-attacks represent a potential threat to information security. As rates of data usage and internet consumption continue to increase, cyber awareness turned to be increasingly urgent. This study focuses on the relationships between cyber security awareness, knowledge and behavior with protection tools among individuals in general and across four countries: Israel, Slovenia, Poland and Turkey in particular. Results show that internet users possess adequate cyber threat awareness but apply only minimal protective measures usually relatively common and simple ones. The study findings also show that higher cyber knowledge is connected to the level of cyber awareness, beyond the differences in respondent country or gender. In addition, awareness is also connected to protection tools, but not to information they were willing to disclose. Lastly, findings exhibit differences between the explored countries that affect the interaction between awareness, knowledge, and behaviors. Results, implications, and recommendations for effective based cyber security training programs are presented and discussed.

computer science, information systems

Aleksandra Hęćka-Sadowska,Krzysztof Łyskawa

DOI: https://doi.org/10.33995/wu2023.2.3

2022-09-18

Wiadomości Ubezpieczeniowe

Abstract:Cybersecurity has become one of the greatest challenges in today’s post pandemic, digital and interconnected world, and also a subject of strategic importance for the insurance industry. There is no doubt that the advance of technology and the increased use of big data and cloud computing have set up an opportunity for insurance business, but they also expanded insurance companies’ vulnerabilities towards cyber risk. As insurers collect a large amount of confidential data, including protected personal sensitive information, they are a natural target for cyber-attacks. On the one hand, the aim of the article is to indicate how the risks associated with digitalisation affect the day-to-day operations in selected business areas of an insurance company, and which methods may be used to manage them, on the other. After a general review of cyber risk based on recent branch reports and survey results, the authors identified its global economic impact with particular regard to financial institutions, and also insurers’ exposure and perception of cyber risk and cybersecurity spending. Moreover, administrative decisions issued by the President of the Personal Data Protection Office in Poland, selected jurisdictions and loss scenarios for insurance companies were examined with a deeper dive into underwriting, selling, administration and claims handling processes. The results of the literature study show that cyber risk is recognized to be one of the most significant non-financial risks (in terms of the source, not result of the risk) for insurers and that many proactive security measures can be implemented. However, due to the high vulnerability to leaks of confidential personal and financial data or unauthorized system access, which may cause not only financial loss, but also business interruptions and reputational damage, in the authors’ opinion, loss prevention and reduction are insufficient. Thus, both insurance and non-insurance methods of external financing cyber risk results were indicated. On this basis, the cyber insurance is considered by the authors to be the best tool providing both prevention and financial compensation in case of cyber incidents, also in insurance companies.

Julia Nowicka,Marta Zaroślak

DOI: https://doi.org/10.5604/01.3001.0015.6695

2021-07-05

Rocznik Bezpieczeństwa Morskiego

Abstract:The study indicates actions taken to ensure the safety of minor network users. Prophylactic activity and methods of reacting in the case of identification of perpetrators of prohibited acts are described. It was assumed that in the area of cybersecurity, avoiding threats concerns the educational space, hence information, education and social campaigns play an important role in contemporary social functioning. The study presents the formal and legal framework for the protection of cyberspace users, the functioning of which is determined, among others, by the Convention on the Rights of the Child, the Penal Code, the International Convention on Cybercrime, the Act on Counteracting Drug Addiction, Internet Management Forum, Safer Internet Centers, Scientific and Academic Computer Network. (NASK), Empowering Children Foundation and others. Examples of assumptions of selected social programs building a safe environment for the exchange of information on the Internet are presented.

Adam KONARZEWSKI

DOI: https://doi.org/10.5604/01.3001.0012.1463

2018-01-15

Zeszyty Naukowe Akademii Sztuki Wojennej

Abstract:The article examines the legal and institutional functioning of the aeronautical search and rescue services (ASAR services) in Poland, also in view of their cooperation with civil and military authorities. This study also looks at the international and national legal regulations relating to ASAR services. The work contains a presentation of the most important legal acts underpinning the organisation and functioning of the ASAR services in Poland, as well as the tasks of the civil/military aeronautical rescue coordination centre and the civil and military authorities responsible for establishment and operation of ASAR services. The characteristics of the relevant entities forming part of the ASAR services have been outlined, as have other relevant legal instruments and operational documents that are essential for the functioning of the aeronautical search and rescue services in Poland

O.I. Peliukh,M.V. Yesina,D.Yu. Holubnychyi

DOI: https://doi.org/10.30837/rt.2024.1.216.03

2024-03-20

Radiotekhnika

Abstract:In the modern world, information and communication systems (ICS) have become an integral part of our lives, processing, storing and transmitting information. However, this dependence makes them extremely vulnerable to various threats. The article examines the current threats that call into question the normal functioning of ICS. The authors emphasise the constant evolution of these threats, which makes them more complex and dangerous. This necessitates constant research and development of new methods and means of information protection, as well as raising awareness of ICS users about cyber threats. The purpose of the article is to study modern ICS threats and develop recommendations for improving the level of information security (IS). The article provides a classification of ICS IS threats by various criteria: by the basic principles of the cybersecurity triad (confidentiality, integrity and availability), by sources of threats (internal and external), by the amount of damage caused (from general to private), by the degree of impact (passive and active) and by the nature of occurrence (natural and artificial). The article reveals the sources of threats to ICS security: unintentional (related to user errors, software failures or hardware failures) and intentional (cyber-attacks aimed at causing damage to ICS). Particular attention is paid to cyberattacks that are becoming more widespread. The authors describe different types of cyberattacks, as well as methods and means of their implementation. An important aspect of the article is the development of recommendations for improving the level of security. Along with the technical aspects of protection, the article considers the importance of implementing organisational measures such as security policy, access control and privilege management. The article also draws attention to the importance of complying with international and national standards for the protection of information in ICS. These measures help to avoid leakage or prevent unauthorised access to valuable information.

Jacek Dworzecki

DOI: https://doi.org/10.5604/01.3001.0012.4557

2018-07-03

Abstract:The paper discusses the role and place of private companies offering services related to people and property protection in the Slovak internal security system. The paper outlines the Slovak system of internal security, its institutions, entities and formations and presents organizational and legal basis for functioning of private security entities in the Slovak Republic. Additionally, the paper presents procedures of applying for a license which entitles the holder to start a business in the security sector and to perform tasks written down in the catalogue of services for private security industry. The text is completed with statistics related to the activities of private security companies with respect to security and public order in Slovakia. The paper was prepared as a part of a research and innovation project within operational project Horizon (2020-FCT-2015, No: 700688) Understand the Dimensions of Organized Crime and Terrorist Networks for Developing Effective and Efficient Security Solutions for First-line-practitioners and Professionals.

Abdulaziz Gulay,Leandros Maglaras

2024-10-03

Abstract:The increasing frequency and sophistication of cybersecurity incidents pose significant challenges to organisations, highlighting the critical need for robust incident response capabilities. This paper explores a possible utilisation of IR CMMs assessments to systematically prioritise incidents based on their impact, severity, and the incident response capabilities of an organisation in specific areas associated with human and organisational factors. The findings reveal common weaknesses in incident response, such as inadequate training and poor communication, and highlight best practices, including regular training programs, clear communication protocols, and well-documented response procedures. The analysis also emphasises the importance of organisational culture in enhancing incident response capabilities. By addressing the gap in understanding how the output of IRM assessments can be immediately utilised to prioritise high-risk incidents, this paper contributes valuable insights to academia and practice, offering a structured approach to enhancing organisational resilience against cybersecurity threats.

Cryptography and Security

Svitlana Lehominova,Halyna Haidur

DOI: https://doi.org/10.28925/2663-4023.2023.22.5467

2023-01-01

Abstract:Taking into account the process of complication of the geopolitical and geoeconomic landscape space, the development of information technologies and the formation of new security challenges associated with the emergence of new cyber threats, there is a need for constant monitoring and forecasting of them in order to prevent consequences in the form of damage and leakage of valuable and confidential information. The authors analyzed the new predictable cyber security threats to organizations, with special attention paid to the protection of endpoints. Threats identified in the field of artificial intelligence development (underground development of malicious Large Language Models (LLM); “Script Kiddies” update; voice fraud for social engineering, which is created by artificial intelligence); changing trends in the behavior of threat actors (attacks on supply chains against managed file transfer solutions, malware threats that are becoming multilingual); as new emerging threats and attack methods (growing QR code rivalry; stealth attacks on peripheral devices; Python implementation in Excel creating a potentially new vector for attacks; LOL drivers changing action algorithms). The resulting detection of future threats emphasizes the need for strategic planning for the adoption of new technologies and platforms: such as Endpoint Detection and Response (EDR) capabilities, as well as the use of EDR as part of a multi-instrumented enhanced detection and response (XDR) architecture. Gartner’s research has been proven to have a tremendous impact on improving organizations’ threat detection capabilities by providing valuable insight into the strengths and weaknesses of each cybersecurity service provider with respect to emerging threat intelligence, by focusing organizations’ attention on opportunities to identify gaps in their existing security infrastructure and adopt sound decisions to invest in additional solutions or services that effectively address these gaps. The spheres of activity of the world’s leading companies were analyzed, their connection with Ukrainian companies was found, and further cooperation was proposed for the effective protection of national cyberspace.

Igor Kotenko,Igor Saenko,Roman Zakharchenko,Dmitry Velichko,,,,

DOI: https://doi.org/10.21681/2311-3456-2023-1-13-27

2023-01-01

Voprosy kiberbezopasnosti

Abstract:The purpose of the article: conducting a system analysis of the requirements for the subsystem for preventing computer attacks on critical information infrastructure in order to substantiate the directions for further improved scientific and methodological apparatus for the full functioning of the subsystem for preventing computer attacks. Research method: theoretical and systematic analysis of the requirements of legal acts, scientific publications, protection technologies and means of their implementation in departmental systems for detecting and counteringcomputer attacks.The result obtained: the rationale for the need to build mechanisms for preventing computer attacks on critical information infrastructure objects and the requirements for the subsystem for preventing computer attacks was carried out, an approach was proposed to prevent computer attacks at the stages of reconnaissance by an attacker of critical information infrastructure objects, based on the introduction of a security event correlation mechanism with automatic adaptation to the analyzed information infrastructure and the functions it performs at the current time and a detailed specification of the correlation rules.Scope of the proposed approach: a subsystem for preventing computer attacks of departmental systems for detecting and countering computer attacks, which should identify and prevent attempts to conduct computer attacks on critical information infrastructure objects in advance.The scientific novelty consists in a comprehensive analysis of the need to build mechanisms for preventing computer attacks on critical information infrastructure objects, an analysis of the requirements for the computer attack prevention subsystem, its functions and means of implementation. It is shown that the functions of preventing computer attacks in domestic technical solutions are not fully implemented, and that there is a substitution of the concept of “subsystem for preventing computer attacks” by the concept of “control and technical measures”. It is substantiated that for the implementation of the functions of preventing computer attacks, there is a technological backlog in the form of a ready-made technology based on the technology for building SIEM systems. It is shown that there is a need to refine the scientific and methodological apparatus for implementing computer warning functions based on artificial intelligence methods and big data technologies.Contribution: Kotenko I.V. - analysis of the functionality of the subsystem for preventing computer attacks, setting the task and proposals for developing the functionality of the subsystem for preventing computer attacks on critical information infrastructure objects; Saenko I.B. - analysis of the subsystem for preventing computer attacks in the general context of the theory of information security, substantiation of the implementation of the functions of preventing computer attacks based on the technology of building SIEM systems and big data; Zakharchenko R.I. - analysis of technical solutions that ensure the implementation of the subsystem for preventing computer attacks, Velichko D.V. - an approach to detecting computer attacks at the stages of reconnaissance by an attacker of objects of critical information infrastructure. All authors participated in the writing of the article.