Development of a mechanism for information security risk management of transport service provision systems

Olexandr Melnychenko, Olexandr Ignatenko, Vitalii Tsybulskyi, Anastasia Degtiarova, Mykola Kashuba, Igor Derehuz
{"title":"Development of a mechanism for information security risk management of transport service provision systems","authors":"Olexandr Melnychenko, Olexandr Ignatenko, Vitalii Tsybulskyi, Anastasia Degtiarova, Mykola Kashuba, Igor Derehuz","doi":"10.15587/1729-4061.2024.298144","DOIUrl":null,"url":null,"abstract":"The object of the study is the process of analysis, assessment, and management of information security risks in transport service provision systems.\nThe problem of applying the information security risk management approach in the activities of transport business entities was investigated. As a result of the application of effective forms, methods, and means of information security risk management based on international standards, a risk management mechanism was developed. The risk assessment process of transport systems has been systematized. This allows business entities in the transport sector to determine ways to prevent and counter information threats and challenges in their activities, both when designing and operating systems for providing transport services.\nVerification of the devised methodical approach to information security risk management was carried out on an example of the taxi company «Taxifay N». Threats and challenges of the company’s information system were evaluated by an expert method. Based on the results of the analysis of expert risk assessment, it was found that the concordance coefficient (0.86) confirms the high level of agreement of experts’ opinions. As a result, the company’s information security risk management program was developed. The effectiveness of the program was assessed by the efficiency ratio, which was 0.64. This testifies to the effectiveness of the implemented program of measures to manage information security risks.\nThe scope of application may be the activity of business entities that provide transport services to the population, aimed at data storage and processing.\nThe prospect of this study is to expand the list of threats and categories of vulnerabilities depending on the characteristics of the economic activity of various enterprises","PeriodicalId":11433,"journal":{"name":"Eastern-European Journal of Enterprise Technologies","volume":"239 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Eastern-European Journal of Enterprise Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15587/1729-4061.2024.298144","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Mathematics","Score":null,"Total":0}
引用次数: 0

Abstract

The object of the study is the process of analysis, assessment, and management of information security risks in transport service provision systems. The problem of applying the information security risk management approach in the activities of transport business entities was investigated. As a result of the application of effective forms, methods, and means of information security risk management based on international standards, a risk management mechanism was developed. The risk assessment process of transport systems has been systematized. This allows business entities in the transport sector to determine ways to prevent and counter information threats and challenges in their activities, both when designing and operating systems for providing transport services. Verification of the devised methodical approach to information security risk management was carried out on an example of the taxi company «Taxifay N». Threats and challenges of the company’s information system were evaluated by an expert method. Based on the results of the analysis of expert risk assessment, it was found that the concordance coefficient (0.86) confirms the high level of agreement of experts’ opinions. As a result, the company’s information security risk management program was developed. The effectiveness of the program was assessed by the efficiency ratio, which was 0.64. This testifies to the effectiveness of the implemented program of measures to manage information security risks. The scope of application may be the activity of business entities that provide transport services to the population, aimed at data storage and processing. The prospect of this study is to expand the list of threats and categories of vulnerabilities depending on the characteristics of the economic activity of various enterprises
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
建立运输服务提供系统信息安全风险管理的机制
研究对象是运输服务供应系统中信息安全风险的分析、评估和管理过程。通过应用基于国际标准的信息安全风险管理的有效形式、方法和手段,建立了风险管理机制。运输系统的风险评估过程已经系统化。这使得运输部门的企业实体在设计和运行提供运输服务的系统时,能够确定在其活动中预防和应对信息威胁和挑战的方法。通过专家方法对该公司信息系统面临的威胁和挑战进行了评估。根据专家风险评估的分析结果,发现一致性系数(0.86)证实了专家意见的高度一致。因此,公司制定了信息安全风险管理计划。该计划的有效性通过效率比进行评估,效率比为 0.64。本研究的前景是根据各企业经济活动的特点,扩大威胁清单和脆弱性类别。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Eastern-European Journal of Enterprise Technologies
Eastern-European Journal of Enterprise Technologies Mathematics-Applied Mathematics
CiteScore
2.00
自引率
0.00%
发文量
369
审稿时长
6 weeks
期刊介绍: Terminology used in the title of the "East European Journal of Enterprise Technologies" - "enterprise technologies" should be read as "industrial technologies". "Eastern-European Journal of Enterprise Technologies" publishes all those best ideas from the science, which can be introduced in the industry. Since, obtaining the high-quality, competitive industrial products is based on introducing high technologies from various independent spheres of scientific researches, but united by a common end result - a finished high-technology product. Among these scientific spheres, there are engineering, power engineering and energy saving, technologies of inorganic and organic substances and materials science, information technologies and control systems. Publishing scientific papers in these directions are the main development "vectors" of the "Eastern-European Journal of Enterprise Technologies". Since, these are those directions of scientific researches, the results of which can be directly used in modern industrial production: space and aircraft industry, instrument-making industry, mechanical engineering, power engineering, chemical industry and metallurgy.
期刊最新文献
Design of ammonia sensor based on ZnO for analyzing hazards at critical infrastructure Ensuring uniformity of strength of fine-grained concrete based on modified composite cement Physico – chemical study of the adsorption properties of natural minerals for sorption treatment of wastewater from Pb+2, Ni+2, Zn+2 ions Development of a solution search method using a combined bio-inspired algorithm Determining the characteristics of contact interaction between the two-row windshield wiper and a curvilinear glass surface
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1