CONCEPTUAL FRAMEWORK AND BASIC FEATURES OF THE COMPANY'S CYBER RESILIENCE
Abstract
The study analyzes the key aspects of cyber resilience in the modern digital environment, identifies the main challenges faced by companies, and substantiates the need to create a conceptual framework for effective cyber resilience. The author has reviewed current research on cyber resilience in various sectors of the economy, identified gaps in existing approaches, and determined the importance of integrating cyber resilience principles at all levels of organizational management. Particular attention is paid to the concept of resilience in the context of geopolitical conflicts, which strengthen the role of cyber threats as a tool for influencing the economy. The author reveals connections between cyber resilience and technological innovations, including Artificial Intelligence, IoT, cloud computing, and Blockchain, which not only create new opportunities, but also add complexity to systems and increase their vulnerability. Existing approaches to cybersecurity, including traditional methods such as antivirus protection and attack detection systems, are assessed as not effective enough in response to dynamic and complex threats. The author emphasizes the importance of transitioning to adaptive and dynamic solutions that take into account the specifics of modern risks and ensure the ability of companies to quickly recover from incidents. The emphasis is placed on the Resilience Tower multi-level model that covers technical, organizational, and strategic aspects. The importance of creating a culture of cyber resilience, which should combine technological, organizational, and strategic solutions, is emphasized. The conclusions suggest practical tools and methodologies that will help improve the ability of companies to effectively counter modern cyber threats and maintain their competitiveness. Such an approach should be general enough to cover a wide range of approaches, as well as specific and novel enough to be different from existing approaches, in particular, from classical risk management.
References
Hult F., Sivanesan G. What good cyber resilience looks like. Journal of business continuity & emergency planning. 2014. Vol. 7(2). P. 112-125. URL: https://www.ingentaconnect.com/contentone/hsp/jbcep/2014/00000007/00000002/art00004
Kott A., Linkov,I. (Eds.). Cyber resilience of systems and networks (Vol. 1). New York, NY: Springer International Publishing. URL: https://link.springer.com/book/10.1007/978-3-319-77492-3
Anderson R., Bohme R., Clayton R., Moore T. Security economics and the internal market. 2018. URL: https://www.enisa.europa.eu/publications/archive/ economics-sec/
Annarelli A., Palombi G. Digitalization capabilities for sustainable cyber resilience: a conceptual framework. Sustainability. 2021. Vol. 13(23). 13065. DOI: https://doi.org/10.3390/su132313065
Пирожков С.І., Божок Є.В., Хамітов Н.В. Національна стійкість (резильєнтність) країни: стратегія і тактика випередження гібридних загроз. Вісник НАН України. 2021. № 8. С. 74-82. URL: http://dspace.nbuv.gov.ua/handle/123456789/181385
Загірняк Д., Данилко В., Іщенко С., Лига Д. Стратегічна стійкість в умовах глобалізації економіки як антикризовий інструмент. Вісник Національного технічного університету "Харківський політехнічний інститут" (економічні науки). 2020. Вип. 3. С. 98–101. DOI: https://doi.org/10.20998/2519-4461.2020.3.102
Сподіна А.О. Тарасенко І.О. Фінансова стійкість підприємства: сутність та фактори впливу. Міжнародний науковий журнал "Інтернаука". 022. № 12 (131). С. 24-31. URL: https://www.inter-nauka.com/uploads/public/16704889827423.pdf#page=25
Пікуліна О., Огданський К., Пікуліна,Н. Аналіз впливу зовнішньої заборгованості на фінансову стійкість та національну економічну безпеку України. Економіка та суспільство. 2023. Вип. 56. DOI: https://doi.org/10.32782/2524-0072/2023-56-2
Гончар С.Ф., Комаров М Ю. Підходи до оцінки кіберстійкості об’єктів критичної інформаційної інфраструктури. SIST-2021, 2012. 43. URL: http://bit.nau.edu.ua/wp-content/uploads/2021/07/Zbirnyk-tez-Koblevo-2021.pdf#page=43
Ivanchenko Y., Korchenko O., Zarytskyi O., Zybin S., Vishnevska N. Аналіз поняття кіберстійкості критичної інфраструктури. Ukrainian Information Security Research Journal. 2023. Vol. 25(4). P. 221-233. DOI: https://doi.org/10.18372/2410-7840.25.18228
Користін О.Є., Демедю, С.В. Актуалізація кіберстійкості та історичні витоки концепції "стійкість". Аналітично-порівняльне правознавство. 2023. Вип. 6. С. 708-713. DOI: https://doi.org/10.24144/2788-6018.2023.06.122
Столбовий В.М., Кисленко Д.П. Заходи з підвищення кібербезпеки на державному та корпоративному рівнях в умовах діджеталізації суспільства. Scientific notes of Lviv University of Business and Law. 2023. Vol. 37. P. 175-183. URL: https://nzlubp.org.ua/index.php/journal/article/view/802
Криклій О.А. Теорія та практика забезпечення кіберстійкості банків. Ефективна економіка. 2020. № 10. DOI: https://doi.org/10.32702/2307-2105-2020.10.50
Von Solms R., Van Niekerk J. From information security to cyber security. Computers & security. 2013. Vol. 38. P. 97-102. DOI: https://doi.org/10.1016/j.cose.2013.04.004
Kaplan S., Garrick B.J. On the quantitative definition of risk. Risk analysis. 1981. Vol. 1(1). P. 11-27. DOI: https://doi.org/10.1111/j.1539-6924.1981.tb01350.x
Malatji M., Marnewick A.L., Von Solms S. Cybersecurity capabilities for critical infrastructure resilience. Information and Computer Security, 2022. Vol. 30 No. 2, pp. 255-279. DOI: https://doi.org/10.1108/ICS-06-2021-0091
DiMase D., Collier Z. A., Heffner K., Linkov I. Systems engineering framework for cyber physical security and resilience. Environment Systems & Decisions, 2015. Vol. 35(2). P. 291. URL: https://link.springer.com/article/10.1007/s10669-015-9540-y
Björck F., Henkel M., Stirna J., Zdravkovic J. Cyber Resilience – Fundamentals for a Definition. In: Rocha, A., Correia, A., Costanzo, S., Reis, L. (eds) New Contributions in Information Systems and Technologies. Advances in Intelligent Systems and Computing. 2015. Vol. 353. DOI: https://doi.org/10.1007/978-3-319-16486-1_31
Cyber Risk and CFOs: Over-Confidence is Costly 2022 Edition. URL: https://www.kroll.com/-/media/kroll-images/pdfs/cyber-risk-cfos-report.pdf
Half of France’s Data Swiped in Viamedis and Almerys Cyber Attack. EM360. URL: https://em360tech.com/tech-articles/half-frances-data-swiped-viamedis-and-almerys-cyber-attack#:~:text=Viamedis%20and%20Almerys%20Breached,access%20to%20its%20internal%20systems
Armstrong R., Mayo J., Siebenlist F. Complexity science challenges in cybersecurity. Sandia National Laboratories SAND Report. 2009. URL: https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=ec5f02125bd83e8d0cb03a7d26e72575160199c3
McMorrow, D. Science of cyber-security. MITRE Corporation report. JASON, MITRE Corporation, McLean, VA, Tech. Rep. 2010. URL: https://apps.dtic.mil/sti/pdfs/ADA534220.pdf
Lin H.S., Goodman S.E. Toward a safer and more secure cyberspace. Committee on Improving Cybersecurity Research in the United States, National Academy of Engineering, Washington, D.C., Tech. Rep. 2007. URL: https://nap.nationalacademies.org/catalog/11925/toward-a-safer-and-more-secure-cyberspace
Seetharaman A., Patwa N., Jadhav V., Saravanan A.S., Sangeeth, D. Impact of Factors Influencing Cyber Threats on Autonomous Vehicles. Applied Artificial Intelligence. 2020. Vol. 35(2). P. 105–132. DOI: https://doi.org/10.1080/08839514.2020.1799149
Hult F., Sivanesan G. (2014). What good cyber resilience looks like. Journal of business continuity & emergency planning, vol. 7(2), pp. 112-125. Available at: https://www.ingentaconnect.com/contentone/hsp/jbcep/2014/00000007/00000002/art00004
Kott A., Linkov I. (2019)Cyber resilience of systems and networks New York, NY: Springer International Publishing, vol. 1. Available at: https://link.springer.com/book/10.1007/978-3-319-77492-3
Anderson R., Bohme R., Clayton R., Moore T. (2008). Security economics and the internal market. Available at: https://www.enisa.europa.eu/publications/archive/ economics-sec/
Annarelli A., Palombi G. (2021). Digitalization capabilities for sustainable cyber resilience: a conceptual framework. Sustainability, vol. 13(23), 13065. DOI: https://doi.org/10.3390/su132313065
Pyrozhkov S.I., Bozhok Ye.V., Khamitov N.V. (2021). Natsionalna stiikist (rezylientnist) krainy: stratehiia i taktyka vyperedzhennia hibrydnykh zahroz [National stability (resilience) of the country: strategy and tactics of preempting hybrid threats]. Visnyk NAN Ukrayiny, no. 8, pp. 74-82. Available at: http://dspace.nbuv.gov.ua/handle/123456789/181385
Zahirniak D., Danylko V., Ishchenko S., Lyha D. (2020) Stratehichna stiikist v umovakh hlobalizatsii ekonomiky yak antykryzovyi instrument [Strategic stability in the context of economic globalization as an anti-crisis tool. Bulletin of the National Technical University "Kharkiv Polytechnic Institute" (Economic Sciences)]. Visnyk Natsionalnoho tekhnichnoho universytetu "Kharkivskyi politekhnichnyi instytut" (ekonomichni nauky), vol. 3, pp. 98–101. DOI: https://doi.org/10.20998/2519-4461.2020.3.102
Spodina A., Tarasenko I. (2022) Finansova stiykist pidpryyemstva: sutnist ta faktory vplyvu [Financial sustainability of an enterprise: essence and factors of influence]. Mizhnarodnyy naukovyy zhurnal "Internauka", no. 12 (131), pp. 24-31. Available at: https://www.inter-nauka.com/uploads/public/16704889827423.pdf#page=25
Pikulina O., Ogdanskyi K., Pikulina N. (2023). Analiz vplyvu zovnishnʹoyi zaborhovanosti na finansovu stiykist ta natsionalnu ekonomichnu bezpeku Ukrayiny [Analysis of the impact of external debt on financial sustainability and national economic security of Ukraine]. Ekonomika ta suspilstvo, no. 56. DOI: https://doi.org/10.32782/2524-0072/2023-56-2
Honchar S., Komarov M. (2021) Pidkhody do otsinky kiberstiykosti ob’yektiv krytychnoyi informatsiynoyi infrastruktury [Approaches to assessing the cyber resilience of critical information infrastructure objects]. SIST-2021, no. 43. Available at: http://bit.nau.edu.ua/wp-content/uploads/2021/07/Zbirnyk-tez-Koblevo-2021.pdf#page=43
Ivanchenko Y., Korchenko O., Zarytskyi O., Zybin S., Vishnevska N. (2023). Analiz ponyattya kiberstiykosti krytychnoyi infrastruktury [Analysis of the concept of cyber resilience of critical infrastructure]. Ukrainian Information Security Research Journal, vol. 25(4), pp. 221-233. DOI: https://doi.org/10.18372/2410-7840.25.18228
Korystin O. E., Demediuk S. I. (2023). Aktualizatsiya kiberstiykosti ta istorychni vytoky kontseptsiyi "stiykistʹ [An update on cyber resilience and the historical origins of the concept of "resilience"]. Analitychno-porivnyalʹne pravoznavstvo, no. 6, pp. 708-713. DOI: https://doi.org/10.24144/2788-6018.2023.06.122
Stolbovy V., Kislenko D. (2023). Zakhody z pidvyshchennya kiberbezpeky na derzhavnomu ta korporatyvnomu rivnyakh v umovakh didzhetalizatsiyi suspilʹstva. [Measures to increase cyber security at the state and corporate levels in the context of digitalization of society]. Scientific notes of Lviv University of Business and Law, no. 37, pp. 175-183
Kryklii O. (2020) Teoriya ta praktyka zabezpechennya kiberstiykosti bankiv [Theory and practice of ensuring cyber resilience of banks]. Efektyvna ekonomika, no. 10. DOI: https://doi.org/10.32702/2307-2105-2020.10.50
Von Solms R., Van Niekerk J. (2013). From information security to cyber security. Computers & security, vol. 38, pp. 97-102. DOI: https://doi.org/10.1016/j.cose.2013.04.004
Kaplan S., Garrick B. J. (1981). On the quantitative definition of risk. Risk analysis, vol. 1(1), pp. 11-27. https://doi.org/https://doi.org/10.1111/j.1539-6924.1981.tb01350.x
Malatji M., Marnewick A.L., Von Solms S. (2022) Cybersecurity capabilities for critical infrastructure resilience. Information and Computer Security, vol. 30, no. 2, pp. 255-279. DOI: https://doi.org/10.1108/ICS-06-2021-0091
DiMase D., Collier Z.A., Heffner K., Linkov I. (2015). Systems engineering framework for cyber physical security and resilience. Environment Systems & Decisions, vol. 35(2), p. 291. Available at: https://link.springer.com/article/10.1007/s10669-015-9540-y
Björck F., Henkel M., Stirna J., Zdravkovic J. (2015). Cyber Resilience – Fundamentals for a Definition. In: Rocha, A., Correia, A., Costanzo, S., Reis, L. (eds) New Contributions in Information Systems and Technologies. Advances in Intelligent Systems and Computing, vol 353. Springer, Cham. DOI: https://doi.org/10.1007/978-3-319-16486-1_31
Cyber Risk and CFOs: Over-Confidence is Costly 2022 Edition. Available at: https://www.kroll.com/-/media/kroll-images/pdfs/cyber-risk-cfos-report.pdf
Half of France’s Data Swiped in Viamedis and Almerys Cyber Attack. EM360. Available at: https://em360tech.com/tech-articles/half-frances-data-swiped-viamedis-and-almerys-cyber-attack#:~:text=Viamedis%20and%20Almerys%20Breached,access%20to%20its%20internal%20systems
Armstrong R., Mayo J., Siebenlist F. (2009). Complexity science challenges in cybersecurity. Sandia National Laboratories SAND Report. Available at: https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=ec5f02125bd83e8d0cb03a7d26e72575160199c3
McMorrow D. (2010). Science of cyber-security. MITRE Corporation report. JASON, MITRE Corporation, McLean, VA, Tech. Rep. Available at: https://apps.dtic.mil/sti/pdfs/ADA534220.pdf
Lin H.S., Goodman S.E. (2007). Toward a safer and more secure cyberspace. Committee on Improving Cybersecurity Research in the United States, National Academy of Engineering, Washington, D.C., Tech. Rep. Available at: https://nap.nationalacademies.org/catalog/11925/toward-a-safer-and-more-secure-cyberspace
Seetharaman A., Patwa N., Jadhav V., Saravanan A.S., Sangeeth D. (2020) Impact of Factors Influencing Cyber Threats on Autonomous Vehicles. Applied Artificial Intelligence, vol. 35(2), pp. 105–132. DOI: https://doi.org/10.1080/08839514.2020.1799149
