On assessing the sustainability of functioning of microparametric cyber risk insurance facilities
https://doi.org/10.21822/2073-6185-2024-51-4-40-49
Abstract
Objective. The article addresses the problem of assessing the durability of critical information infrastructure objects for the purposes of microparametric risk insurance. It substantiates the feasibility of introducing parametric insurance as a cost-effective way to protect information against threats, and the existence of sustainability problems. Method. Applying reliability theory methods in combination with random function theory made it possible to consider the dynamics of the stability of operation of the protected object during the period in which threats act. Result. It was possible to estimate the minimum value of the assessed object's performance and the time at which it occurs, which together allowed the risk associated with the event to be assessed. The novelty of the proposed approach is that cyber risk is assessed using a function of the assessed object that is formed on the basis of the functions of its individual elements, taking into account its structure and the resources available for maintaining functionality. The information security (IS) assessment task for different structures and the parametric micro-insurance solution methodologies are described, with a focus on the importance of each element as part of the insurance object. Conclusion. The article's content can be used to formulate the task of developing methods, models and tools for providing IS risk insurance, as well as supporting solutions for ensuring sustainability.
About the Author
V. A. Voevodin
Russian Federation
Vladislav A. Voevodin, Cand. Sci. (Eng.), Assoc. Prof., Department of Information Security
1 Shokina Square, Moscow, Zelenograd 124498
Review
For citations:
Voevodin V.A. On assessing the sustainability of functioning of microparametric cyber risk insurance facilities. Herald of Dagestan State Technical University. Technical Sciences. 2024;51(4):40-49. (In Russ.) https://doi.org/10.21822/2073-6185-2024-51-4-40-49