Безопасность информационных технологий (Jun 2019)
Development of algorithm for assessment risk of cyber attacks in electronic banking
Abstract
The main task of bank risk management is to streamline banking business processes. The subject of this paper arises from the need to study how to assess the risk of cyberattack impact on e-banking systems. The purpose of the paper is to formalize an algorithm for assessing the risk of cyberattack impact in organizations of the credit and financial sphere. The problems solved in this work are aimed at improving risk assessment so that it addresses existing and potential challenges and takes into account the new systems and innovations that have already arrived in our lives as well as those that are coming. A definition of the risk of cyberattack impact on e-banking systems is formulated. Attention is given to the use of mathematical models for evaluating the effectiveness of an information security management system (ISMS). Some methods of risk assessment are discussed, also taking into account ever-increasing computational capabilities and the accessibility of cyberattacks. The paper analyzes the calculation of the capital requirements reserved to cover losses in the course of the bank's operations, as proposed by the accord of the Basel Committee on Banking Supervision (Basel II). Options for quantitative risk assessment by different experts are considered. The paper describes in detail the quantitative assessment of the effectiveness of cyber weapons, which depends on the circumstances aggravating the responsibility of the attacker. The purpose of risk assessment is to provide the objective information necessary to make a decision on risk treatment. Conclusions are drawn about excesses of the safety function, which reduce the quality of safety. Examples of rudimentary components of an ISMS are given. The differences between the non-embossed plastic card "The Golden crown" and the cards of other payment systems are emphasized. In conclusion, the construction of the management structure is discussed.
The results of the work can be used for more detailed studies of the risk of cyberattack impact inherent in electronic banking.
Keywords