Approaches to measuring the risk of cyberattacks in remote banking services of Russia

Alexander A. Berdyugin, Pavel V. Revenkov

Abstract


Purpose. Due to the use of technology in banks, their risk of information security breaches is rising significantly. With the active introduction of remote banking services (RBS) in the banking business of Russia, additional study of how to assess the risk of cyberattacks on banking automated systems was required.

Methods. The methods of financial management, probability theory, system analysis of the scientific literature on fundamental and applied research, and graphical interpretation of the analyzed phenomena are used. The paper gives a detailed analysis of the concepts of “cyberspace” and “cybersecurity”. Remote banking is considered from the point of view of financial management. Attention is drawn to the factors of work in cyberspace that increase the levels of banking risks. The relationship between cyberattacks on banking automated systems and the possible consequences for the bank is analyzed.

Novelty. Given the wide spread of social engineering methods in fraud committed on the Internet, measures to increase the cyber literacy of the population are needed. A method for assessing the risk of cyberattacks on RBS is developed for use by risk department specialists and employees of internal control services. As a result, considering innovative systems and technologies that await us in the future, the effectiveness of risk assessment for solving current challenges is increased.

Results. Attempts are made to formulate a mathematical model for the probabilistic analysis of information security incidents in order to optimize the algorithm for responding to incidents. Calculations based on the proposed model made it possible to determine the duration of exploitation of an RBS vulnerability at which the probability of preventing an incident exceeds the probability of its realization. The findings may be useful for scientific research on the risks of information security breaches in RBS.

 


Keywords


cyberspace, risk of cyberattacks, remote banking services, cybersecurity, risk assessment, information security incident.





DOI: http://dx.doi.org/10.26583/bit.2019.4.06



Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International license.