Методологія побудови системи безпеки банківських інформаційних ресурсів

Abstract

The paper proposes the concept of constructing a synergetic model of threats to the security of banking information resources, the basis of which is a three-level model of strategic management of information technology security in automated banking systems. A synergetic model of threats to the security of banking information resources has been developed, which has made it possible to generalize a known model of a cybercriminal and allows to establish interrelations between elements, communication channels, banking information resources and achieve a synergistic effect. A classifier of threats to the security of banking information resources was developed, based on a synergetic threat model, which allowed to classify threats by security components, types of services and levels of the hierarchy of the ABS infrastructure. To counter the hybrid threats of banking information resources, it is advisable to apply new integrated service provision mechanisms based on hybrid crypto-code constructions on the defective codes. This approach allows us to provide security services and reliability for given probabilistic indicators. The advanced method of two-factor authentication based on hybrid crypto-code constructions on the defective codes makes it possible to ensure the security and reliability of OTP password transmission. The developed method of assessing investments in building the security system of banking information resources allows to optimize the costs of funds for the formation of a security system for banking information resources. A methodology for evaluating the functional efficiency of automated banking systems is developed, taking into account the technical indicators of the network, the safety indicators of technical means of information protection, and economic parameters. A methodology for building a security system for banking information resources was developed. The methodology allows, in conditions of growth of hybrid threats, to open a new effective approach to building the security system of the critical information infrastructure of the state.