Purpose. Developing a technology for managing cyber risks based on their improved classification by the level of impact on the occurrence of an extreme situation. Methodology. To achieve the goal, general scientific and special methods of cognition were used in the study: dialectical and systemic approaches, analysis and synthesis, logical generalization and grouping, structural-logical method, iterative approach, modeling, method of formal representations of uncertainty. Findings. A cyber risk management technology has been developed, consisting of four main stages: analysis of cyber threats (context establishment; security audit; formation of scenario concepts); scenario modeling (threat decomposition; scenario formation; setting criteria; setting probability estimates of concepts (variables); building a network architecture; formation of a private threat model; scenario analysis); risk assessment; object classification. The proposed approach to cybersecurity risk management provides vulnerability detection and risk assessment (risk potential) and simplifies the development of management solutions to prevent events affecting cybersecurity. Originality. The proposed technology differs from the existing ones by focusing on identifying those vulnerabilities and cyber threats that, according to their improved classification by the level of impact on the occurrence of an extreme situation, can lead to serious disruptions in the functioning of critical information infrastructure of the national economy. Practical value. The practical significance of the study lies in the fact that the proposed cyber risk management technology is one of the tools for preventing the realization of risks in cyberspace and the basis for strengthening the information security of economic entities in particular and the national economy as a whole.
Read full abstract