Priorities for the Strategic Development of Ukraine's Cybersecurity Based on the Analysis of Expert Sampling Patterns

PDF (432KB), PP.24-35

Views: 0 Downloads: 0

Author(s)

Oleksandr Korystin 1,2,3,* Serhii Demediuk 4,5 Yaroslav Likhovitskyy 6 Yuriy Kardashevskyy 7 Olena Mitina 8

1. State Scientifically Research Institute of the MIA of Ukraine, Kyiv, Ukraine

2. Private Higher Educational Institution "Bukovinian University", Chernivtsi, Ukraine

3. Institute of Cyber Warfare Research

4. National Security and Defense Council of Ukraine, Kyiv, Ukraine

5. National Academy of the Security Service of Ukraine, Kyiv, Ukraine

6. Uzhhorod National University, Uzhhorod, Ukraine

7. National Agency for the Prevention of Corruption, Kyiv; Ukraine

8. Odesа National Polytechnic University, Odesa, Ukraine

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2025.02.03

Received: 22 Jun. 2024 / Revised: 17 Oct. 2024 / Accepted: 25 Jan. 2025 / Published: 8 Apr. 2025

Index Terms

Cybersecurity, Cyber Threats, Risk-oriented Approach, Risk Assessment, Pattern, Expert Sample

Abstract

The study is devoted to assessing the risks of cyber threats in the future based on expert sampling patterns. One of the key problems of modern cybersecurity is the dynamic nature of threats that change under the influence of technological progress and socio-economic factors. In this context, the authors consider a methodological approach that involves the use of a multi-level analysis of expert opinions. The main emphasis is placed on taking into account the different points of view, experience and professional activities of experts from the public, private and academic sectors. An important stage of the study is the procedure of data cleaning to form a representative sample that takes into account only logically consistent responses of experts. The paper focuses on the integration of the expert sample patterns‘ features. The key differences in threat assessments between different groups of experts depending on their professional role and experience are identified. This made it possible to formulate comprehensive recommendations for strategic cyber risk management focused on both short-term and long-term priorities. The study makes a significant contribution to understanding the peculiarities of cyber risk assessment through the use of multivariate analysis of expert opinions. The proposed methodology allows not only to improve the quality of forecasts of future cyber threats, but also contributes to the creation of adaptive cybersecurity strategies that take into account the specifics of each sector. The findings of the study emphasize the importance of a multidimensional approach to analyzing cyber threats, taking into account the specifics of each expert group. Integration of assessments and consideration of local peculiarities are key to the development of adaptive and effective cyber defense strategies focused on global and local challenges.

Cite This Paper

Оleksandr  Korystin, Serhii Demediuk, Yaroslav Likhovitskyy, Yuriy Kardashevskyy, Olena Mitina, "Priorities for the Strategic Development of Ukraine's Cybersecurity Based on the Analysis of Expert Sampling Patterns", International Journal of Information Technology and Computer Science(IJITCS), Vol.17, No.2, pp.24-35, 2025. DOI:10.5815/ijitcs.2025.02.03

Reference

[1]Foresight Challenges (2021). A study to enable foresight on emerging and future cybersecurity challenges. European Union Agency for Cybersecurity (ENISA). URL: https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Report%20-%20Foresight%20Challenges.pdf
[2]ENISA (2022). Identifying Emerging Cyber Security Threats and Challenges for 2030. URL: https://www.enisa.europa.eu
[3]Demediuk, S.V. (2024). Rozdil 26. Kiberviina ta forsait kiberstiikosti. V monohafii «Realizatsiia filosofii ILP v systemi kryminalnoho analizu Natsionalnoi politsii Ukrainy», 343-357. DOI: 10.36486/978-966-2310-66-5-26
[4]Biyue Diao, Guoping Chen, Feng He, " Loudspeaker Operation Status Monitoring System based on Power Line Communication Technology", International Journal of Image, Graphics and Signal Processing, Vol.10, No.10, pp. 54-62, 2018. 
[5]Orkhan Aslanli, "Cloud and On-premises Based Security Solution for Industrial IoT", International Journal of Information Engineering and Electronic Business, Vol.16, No.5, pp. 55-62, 2024.
[6]Abhinandan H., Patil, Neena, Goveas, & Krishnan, Rangarajan (2016). Regression Test Suite Prioritization using Residual Test Coverage Algorithm and Statistical Techniques, International Journal of Education and Management Engineering, 6 (5), 32-39. 
[7]Adeyinka, F., Oluyemi, E.S., Victor, A.N., Uchenna, U.C., Ogedengbe, O., & Ale, S. (2017). Parametric Equation for Capturing Dynamics of Cyber Attack Malware Transmission with Mitigation on Computer Network. International Journal of Mathematical Sciences and Computing, 3 (4), 37-51.
[8]Ghaderipour, Y. & Dinari, H. (2020). A Flow-Based Technique to Detect Network Intrusions Using Support Vector Regression (SVR) over Some Distinguished Graph Features. International Journal of Mathematical Sciences and Computing, 6 (4), 1-11.
[9]Hakan, Kekül, Burhan, Ergen & Halil Arslan (2022). Estimating Missing Security Vectors in NVD Database Security Reports. International Journal of Engineering and Manufacturing, 12 (3), 1-13. 
[10]Hakan, Kekül, Burhan, Ergen, & Halil, Arslan (2021). A New Vulnerability Reporting Framework for Software Vulnerability Databases. International Journal of Education and Management Engineering, 11 (3), 11-19. 
[11]Kasliono, Suprapto, & Faizal, Makhrus (2021). Point Based Forecasting Model of Vehicle Queue with Extreme Learning Machine Method and Correlation Analysis. International Journal of Intelligent Systems and Applications, 13 (3), 11-22. 
[12]Anbarasa A., Pandian, & Balasubramanian, R. (2016). Analysis on Shape Image Retrieval Using DNN and ELM Classifiers for MRI Brain Tumor Images. International Journal of Information Engineering and Electronic Business, 8 (4), 63-72. 
[13]Yudianto, Muhammad Resa Arif, Agustin, Tinuk, James, Ronaldus Morgan, Rahma, Firstyani Imannisa, Rahim, Arham, & Utami, Ema (2021). Rainfall Forecasting to Recommend Crops Varieties Using Moving Average and Naive Bayes Methods. International Journal of Modern Education and Computer Science, 13 (3), 23-33. 
[14]Lytvynenko, Volodymyr, Kryvoruchko, Olena, Lurie, Irina, Savina, Nataliia, Naumov, Oleksandr, & Voronenko, Mariia (2020). Comparative Studies of Self-organizing Algorithms for Forecasting Economic Parameters. International Journal of Modern Education and Computer Science, 12 (6), 1-15. 
[15]Zulkifley, Nor Hamizah, Rahman, Shuzlina Abdul, Ubaidullah, Nor Hasbiah, & Ibrahim, Ismail (2020). House Price Prediction using a Machine Learning Model: A Survey of Literature. International Journal of Modern Education and Computer Science, 12 (60), 46-54. 
[16]Yudianto, Muhammad Resa Arif, Agustin, Tinuk, James, Ronaldus Morgan, Rahma, Firstyani Imannisa, Rahim, Arham, & Utami, Ema (2021). Rainfall Forecasting to Recommend Crops Varieties Using Moving Average and Naive Bayes Methods. International Journal of Modern Education and Computer Science, 13 (3), 23-33. 
[17]Babatunde, Gbadamosi, Emmanuel, Adeniyi Abidemi, Oluwaseun, Ogundokun Roseline, Bunmi, Oladosu Bukola, & Precious, Anyaiwe Ehiedu (2019). Impact of Climatic Change on Agricultural Product Yield Using K-Means and Multiple Linear Regressions. International Journal of Education and Management Engineering, 9 (3), 16-26. 
[18]Tanriverdiyev, E. (2022). THE STATE OF THE CYBER ENVIRONMENT AND NATIONAL CYBERSECURITY STRATEGY IN DEVELOPED COUNTRIES. National Security Studies. https://doi.org/10.37055/sbn/149510.
[19]Carroll, J. (2024). The U.S. National Cybersecurity Strategy: A Vehicle with an International Journey. European Conference on Cyber Warfare and Security. https://doi.org/10.34190/eccws.23.1.2300.
[20]Ukhanova, E. (2022). Cybersecurity and cyber defence strategies of Japan. SHS Web of Conferences. https://doi.org/10.1051/shsconf/202213400159.
[21]Vakulyk, O., Petrenko, P., Kuzmenko, I., Pochtovyi, M., & Orlovskyi, R. (2020). CYBERSECURITY AS A COMPONENT OF THE NATIONAL SECURITY OF THE STATE. Journal of Security and Sustainability Issues. https://doi.org/10.9770/jssi.2020.9.3(4).
[22]Gunawan, B., Ratmono, B., & Abdullah, A. (2023). Cybersecurity and Strategic Management. Foresight and STI Governance. https://doi.org/10.17323/2500-2597.2023.3.88.97.
[23]Gercke, M. (2013). Cybersecurity Strategy. 14, 136 - 142. https://doi.org/10.9785/ovs-cri-2013-136.
[24](2021). National Cybersecurity Strategies. Cyber Security Auditing, Assurance, and Awareness Through CSAM and CATRAM. https://doi.org/10.4018/978-1-7998-4162-3.ch005.
[25]Bland, J., Petty, M., Whitaker, T., Maxwell, K., & Cantrell, W. (2020). Machine Learning Cyberattack and Defense Strategies. Comput. Secur., 92, 101738. https://doi.org/10.1016/j.cose.2020.101738.
[26]Tkach, Y. (2020). CONCEPTUAL MODEL OF CYBER SPACE SECURITY. Technical Sciences and Technologies. https://doi.org/10.25140/2411-5363-2020-4(22)-96-108.
[27]Srivastava, S., & Raj, S. (2024). Cyber Security Assessment and Awareness: A Statistical Modelling Approach. 2024 IEEE 1st Karachi Section Humanitarian Technology Conference (KHI-HTC), 1-6. https://doi.org/10.1109/KHI-HTC60760.2024.10482035.
[28]Burton, S. (2022). Strategy: A Business and Cybersecurity Intertwined Necessity. Int. J. Smart Educ. Urban Soc., 13, 1-12. https://doi.org/10.4018/ijseus.312232.
[29]Kissoon, T. (2020). Optimum spending on cybersecurity measures. Transforming Government: People, Process and Policy, 14, 417-431. https://doi.org/10.1108/tg-11-2019-0112.
[30]Boutwell, M. (2019). Exploring Industry Cybersecurity Strategy in Protecting Critical Infrastructure.
[31]Bowman, C., & Ambrosini, V. (1997). Perceptions of Strategic Priorities, Consensus and Firm Performance. Journal of Management Studies, 34, 241-258. https://doi.org/10.1111/1467-6486.00050.
[32]Backman, S. (2022). Risk vs. threat-based cybersecurity: the case of the EU. European Security, 32, 85 - 103. https://doi.org/10.1080/09662839.2022.2069464.
[33]Sadykov, S., Utkin, A., & Sokolov, A. (2023). Analysis of the Dynamics of the Development of High-Tech Areas for the Formation of Strategic Priorities of Company Management. Proceedings of the Southwest State University. Series: Economics. Sociology. Management. https://doi.org/10.21869/2223-1552-2023-13-5-36-47.
[34]Fielder, A., König, S., Panaousis, E., Schauer, S., & Rass, S. (2018). Risk Assessment Uncertainties in Cybersecurity Investments. Games, 9, 34. DOI: 10.3390/g9020034
[35]Ganin, A., Quach, P., Panwar, M., Collier, Z., Keisler, J., Marchese, D., & Linkov, I. (2020). Multicriteria Decision Framework for Cybersecurity Risk Assessment and Management. Risk Analysis, 40.  DOI: 10.1111/risa.12891
[36]Korystin, О., Korchenko, О., Kazmirchuk, S., Demediuk, S., Korystin, O. (2024). Comparative Risk Assessment of Cyber Threats Based on Average and Fuzzy Set Theory. I. J. Computer Network and Information Security, 1, 1-13. 
[37]Allodi, L., & Massacci, F. (2017). Security Events and Vulnerability Data for Cybersecurity Risk Estimation. Risk Analysis, 37. DOI: 10.1111/risa.12864
[38]Dawodu, S., Omotosho, A., Akindote, O., Adegbite, A., & Ewuga, S. (2023). Cybersecurity risk assessment in banking: methodologies and best practices. Computer Science & IT Research Journal. DOI: 10.51594/csitrj.v4i3.659
[39]Rea-Guaman, A., Mejía, J., Feliu, S., & Calvo-Manzano, J. (2020). AVARCIBER: a framework for assessing cybersecurity risks. Cluster Computing, 23, 1827-1843. DOI: 10.1007/s10586-019-03034-9
[40]Aktayeva, A., Makatov, Y., Tulegenovna, A., Dautov, A., Niyazova, R., Zhamankarin, M., & Khan, S. (2023). Cybersecurity Risk Assessments within Critical Infrastructure Social Networks. Data, 8, 156. DOI: 10.3390/data8100156
[41]Tsiodra, M., Panda, S., Chronopoulos, M., & Panaousis, E. (2023). Cyber Risk Assessment and Optimization: A Small Business Case Study. IEEE Access, 11, 44467-44481. DOI: 10.1109/ACCESS.2023.3272670
[42]Angelini, M., Bonomi, S., & Palma, A. (2022). A Methodology to Support Automatic Cyber Risk Assessment Review. ArXiv, abs/2207.03269. DOI: 10.48550/arXiv.2207.03269
[43]Meshkat, L., & Miller, R. (2022). A Systems Approach for Cybersecurity Risk Assessment. Annual Reliability and Maintainability Symposium (RAMS), 1-9. DOI: 10.1109/RAMS51457.2022.9893966
[44]Mokhor, V., Honchar, S., & Onyskova, A. (2020). Cybersecurity Risk Assessment of Information Systems of Critical Infrastructure Objects. IEEE International Conference on Problems of Infocommunications. Science and Technology (PIC S&T), 19-22. DOI: 10.1109/PICST51311.2020.9467957.
[45]Korystin, O.Ye., & Korystin, O.O. (2022). Threats in the sphere of cyber security in Ukraine. Nauka i pravookhoronna, 1, 127–131. DOI: 10.36486/np.2022.1(55)12.
[46]Korystin, Oleksandr, Svyrydiuk, Nataliia, & Vinogradov, Alexander (2021). The Use of Sociological Methods in Criminological Research. Proceedings of the International Conference on Social Science, Psychology and Legal Regulation (SPL 2021). Series: Advances in Social Science, Education and Humanities Research, 617, 18 December, 1-6. DOI: 10.2991/assehr.k.211218.001
[47]Korystin, O.Ie., Demediuk, S.V., Panchenko, Ye.V., Korystin, O.O. (2023). Natsionalni realii analizu kiberzlochynnosti za metodolohiieiu Yevropolu IOSTA. Pivdennoukrainskyi pravnychyi chasopys, 3, 44-46. DOI: 10.32850/sulj.2023.3.10
[48]ISO 31000:2018 - RISK MANAGEMENT. URL: https://www.iso.org/ru/publication/PUB100464.html
[49]Korystin, О., & Svyrydiuk, N. (2020). Methodological principles of risk assessment in law enforcement activity. Nauka i pravooxoronna, 3, 191-197. DOI:10.36486/np.2020349
[50]Korystin, Oleksandr, & Svyrydiuk, Nataliia (2021). Activities of Illegal Weapons Criminal Component of Hybrid Threats. Proceedings of the International Conference on Economics, Law and Education Research (ELER 2021). Series: Advances in Economics, Business and Management Research, 170, 22 March, 86-91. DOI: 10.2991/aebmr.k.210320.016