Development of a mechanism for information security risk management of transport service provision systems

Q3 Mathematics

Eastern-European Journal of Enterprise Technologies Pub Date : 2024-02-28 DOI:10.15587/1729-4061.2024.298144

Olexandr Melnychenko, Olexandr Ignatenko, Vitalii Tsybulskyi, Anastasia Degtiarova, Mykola Kashuba, Igor Derehuz

{"title":"Development of a mechanism for information security risk management of transport service provision systems","authors":"Olexandr Melnychenko, Olexandr Ignatenko, Vitalii Tsybulskyi, Anastasia Degtiarova, Mykola Kashuba, Igor Derehuz","doi":"10.15587/1729-4061.2024.298144","DOIUrl":null,"url":null,"abstract":"The object of the study is the process of analysis, assessment, and management of information security risks in transport service provision systems.\nThe problem of applying the information security risk management approach in the activities of transport business entities was investigated. As a result of the application of effective forms, methods, and means of information security risk management based on international standards, a risk management mechanism was developed. The risk assessment process of transport systems has been systematized. This allows business entities in the transport sector to determine ways to prevent and counter information threats and challenges in their activities, both when designing and operating systems for providing transport services.\nVerification of the devised methodical approach to information security risk management was carried out on an example of the taxi company «Taxifay N». Threats and challenges of the company’s information system were evaluated by an expert method. Based on the results of the analysis of expert risk assessment, it was found that the concordance coefficient (0.86) confirms the high level of agreement of experts’ opinions. As a result, the company’s information security risk management program was developed. The effectiveness of the program was assessed by the efficiency ratio, which was 0.64. This testifies to the effectiveness of the implemented program of measures to manage information security risks.\nThe scope of application may be the activity of business entities that provide transport services to the population, aimed at data storage and processing.\nThe prospect of this study is to expand the list of threats and categories of vulnerabilities depending on the characteristics of the economic activity of various enterprises","PeriodicalId":11433,"journal":{"name":"Eastern-European Journal of Enterprise Technologies","volume":"239 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Eastern-European Journal of Enterprise Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15587/1729-4061.2024.298144","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Mathematics","Score":null,"Total":0}

引用次数: 0

Abstract

The object of the study is the process of analysis, assessment, and management of information security risks in transport service provision systems. The problem of applying the information security risk management approach in the activities of transport business entities was investigated. As a result of the application of effective forms, methods, and means of information security risk management based on international standards, a risk management mechanism was developed. The risk assessment process of transport systems has been systematized. This allows business entities in the transport sector to determine ways to prevent and counter information threats and challenges in their activities, both when designing and operating systems for providing transport services. Verification of the devised methodical approach to information security risk management was carried out on an example of the taxi company «Taxifay N». Threats and challenges of the company’s information system were evaluated by an expert method. Based on the results of the analysis of expert risk assessment, it was found that the concordance coefficient (0.86) confirms the high level of agreement of experts’ opinions. As a result, the company’s information security risk management program was developed. The effectiveness of the program was assessed by the efficiency ratio, which was 0.64. This testifies to the effectiveness of the implemented program of measures to manage information security risks. The scope of application may be the activity of business entities that provide transport services to the population, aimed at data storage and processing. The prospect of this study is to expand the list of threats and categories of vulnerabilities depending on the characteristics of the economic activity of various enterprises

查看原文本刊更多论文

建立运输服务提供系统信息安全风险管理的机制

研究对象是运输服务供应系统中信息安全风险的分析、评估和管理过程。通过应用基于国际标准的信息安全风险管理的有效形式、方法和手段，建立了风险管理机制。运输系统的风险评估过程已经系统化。这使得运输部门的企业实体在设计和运行提供运输服务的系统时，能够确定在其活动中预防和应对信息威胁和挑战的方法。通过专家方法对该公司信息系统面临的威胁和挑战进行了评估。根据专家风险评估的分析结果，发现一致性系数（0.86）证实了专家意见的高度一致。因此，公司制定了信息安全风险管理计划。该计划的有效性通过效率比进行评估，效率比为 0.64。本研究的前景是根据各企业经济活动的特点，扩大威胁清单和脆弱性类别。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Eastern-European Journal of Enterprise Technologies Mathematics-Applied Mathematics

CiteScore

2.00

自引率

0.00%

发文量

369

审稿时长

6 weeks

期刊介绍： Terminology used in the title of the "East European Journal of Enterprise Technologies" - "enterprise technologies" should be read as "industrial technologies". "Eastern-European Journal of Enterprise Technologies" publishes all those best ideas from the science, which can be introduced in the industry. Since, obtaining the high-quality, competitive industrial products is based on introducing high technologies from various independent spheres of scientific researches, but united by a common end result - a finished high-technology product. Among these scientific spheres, there are engineering, power engineering and energy saving, technologies of inorganic and organic substances and materials science, information technologies and control systems. Publishing scientific papers in these directions are the main development "vectors" of the "Eastern-European Journal of Enterprise Technologies". Since, these are those directions of scientific researches, the results of which can be directly used in modern industrial production: space and aircraft industry, instrument-making industry, mechanical engineering, power engineering, chemical industry and metallurgy.