=Paper=
{{Paper
|id=Vol-3309/short9
|storemode=property
|title=System for Determination of Legal Responsibility/Penalty for a Cybersecurity Breach
|pdfUrl=https://ceur-ws.org/Vol-3309/short9.pdf
|volume=Vol-3309
|authors=Tetiana Hovorushchenko,Alla Herts,Artem Boyarchuk,Olga Pavlova
|dblpUrl=https://dblp.org/rec/conf/ittap/HovorushchenkoH22
}}
==System for Determination of Legal Responsibility/Penalty for a Cybersecurity Breach==
https://ceur-ws.org/Vol-3309/short9.pdf
System for Determination of Legal Responsibility/Penalty for a
Cybersecurity Breach
Tetiana Hovorushchenkoa, Alla Hertsb, Artem Boyarchukc and Olga Pavlovaa
a
Khmelnytskyi National University, Institutska str., 11, Khmelnytskyi, 29016, Ukraine
b
Ivan Franko National University of Lviv, Universytetska str., 1, Lviv, 79000, Ukraine
c
Tallinna Tehhnikaülikool, Ehitajate tee 5, Tallinn, 12616, Estonia
Abstract
The conducted state-of-the-art on known solutions and decision support systems for
cybersecurity domain showed that none of the known solutions are intended for determination
of legal responsibility/penalty for a cybersecurity breach, although the need for such an
automated tool in cyber structures and cyber organizations is considerable. Therefore, it is
necessary to design and implement system for determination of legal responsibility/penalty for
a cybersecurity breach. The paper simulates the process of determination of legal
responsibility/penalty for a cybersecurity breach, which is the theoretical basis for developing
the system for determination of legal responsibility/penalty for a cybersecurity breach. The
authors have developed the system for determination of legal responsibility/penalty for a
cybersecurity breach, which forms a decision as to whether a person has committed a
cybersecurity breach(es). If the system establishes that a person has committed a cybersecurity
breach(es), the system forms a conclusion on legal responsibility/penalty for the committed
cybersecurity breach(es).
Keywords 1
Cybersecurity, cyber threat, cybersecurity breach, set of possible cybersecurity breaches,
responsibility/penalty for a cybersecurity breach.
1. Introduction
The peculiarity of digitalization of society is that the main type of activity is the collection,
accumulation, processing, production, storage, transfer and use of information. The main criteria for
the effectiveness of digitalization of society are: efficiency of information transfer and processing,
quality and quantity of available information, availability of information. So, to meet the requirements
of the time and information society, companies are forced to use a huge number of sources of
information in order to improve the results of their work [1-4].
The rapidly changing digital world requires the formation of a more balanced and effective
cybersecurity system that can flexibly adapt to changes in the security environment, guaranteeing the
safe functioning of cyberspace, foreseeing new opportunities for digitalization of all spheres of public
life.
Today, the amount of information is constantly growing, effective and safe information management
is becoming a critically important function, therefore the issue of information security is extremely
acute and relevant. Cyber weapons are currently weapons of mass destruction in terms of consequences
and effectiveness of use, so cybersecurity is currently a priority for many countries. The spread of cyber
threats to all spheres of life and the improvement of tools for their implementation necessitates a change
ITTAP’2022: 2nd International Workshop on Information Technologies: Theoretical and Applied Problems, November 22–24, 2022,
Ternopil, Ukraine
EMAIL: tat_yana@ukr.net (T. Hovorushchenko); agerc@ukr.net (A. Herts); a.boyarchuk@taltech.ee (A. Boyarchuk);
olya1607pavlova@gmail.com (O. Pavlova)
ORCID: 0000-0002-7942-1857 (T. Hovorushchenko); 0000-0002-3310-3159 (A. Herts); 0000-0001-7349-1371 (A. Boyarchuk), 0000-0003-
2905-0215 (O. Pavlova)
©️ 2022 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
�in the strategy and tactics of combating them. The fastest possible detection of vulnerabilities and
cyberattacks, response and dissemination of information about them to minimize possible damage is
gaining importance.
The technical level of implementing cyber threats is increasing, new tools and mechanisms of
cyberattacks are constantly being improved and developed. No state today can be sure that its digital
infrastructure is fully protected and can withstand cyberattacks. Cyberattacks on digital resources of
critical infrastructure cause real threats to public safety, lead to human casualties, significant financial
losses, and significant reputational damage. The tendency to use cyberattacks as a tool for special
information operations, manipulation of public opinion, and influence on election processes is
increasing.
The specific weight of cyber threats is growing, and this trend will intensify in the next decade as
information technologies develop and converge with artificial intelligence technologies. The growth of
such influence on the functioning of both national and transnational management structures creates a
new security situation. The spheres of influence in cyberspace are being divided between the world's
power centers, and their desire to ensure the realization of their own geopolitical interests is increasing
due to such a division.
Today, when Russia's full-scale war against Ukraine is going on, Ukraine's cyber war with Russia
is going on in parallel, during which Ukraine has turned into a testing ground for Russian hackers.
Cyberspace, along with other physical spaces, is recognized as one of the theaters of war. According to
the State Service of Special Communications and Information Protection of Ukraine, in the first 4
months of the war, 796 cyberattacks were carried out on the digital infrastructure of Ukraine (179
cyberattacks on the digital resources of the government and local authorities, 104 cyberattacks on the
digital resources of the security and defense sector, 55 cyberattacks on digital resources of the financial
sector, 54 cyberattacks on digital resources of commercial organizations, 54 cyberattacks on digital
resources of the energy sector and 350 attacks on digital resources of other sectors). The most common
methods of cyberattacks were: collection of information by an attacker (242 cyberattacks), malicious
software code (192 cyberattacks), interference (92 cyberattacks), attempted interference (82
cyberattacks), accessibility violations (56 cyberattacks) [5].
So, at this moment, the actual task when using digital infrastructure is ensuring the cybersecurity,
which is one of the priorities in the national security system of Ukraine. Most of the countries of the
world apply complex measures to ensure cybersecurity – creation of structures responsible for ensuring
cybersecurity, development and improvement of normative legal acts in the field of cybersecurity [6].
In Ukraine, criminal and civil responsibility is provided for cybercrimes according to the Criminal
and Civil Codes of Ukraine, as well as according to the Law of Ukraine "On the Basic Principles of
Cybersecurity of Ukraine". In addition, on December 14, 2016, Ukraine signed the Agreement between
Ukraine and the European Police Office on operational and strategic cooperation in cybersecurity
domain. In the paper [7], the authors researched the legal and organizational principles of ensuring
cybersecurity in the modern conditions of the development of the information society, and also
developed a method and rules for forming a logical conclusion regarding legal responsibility in the field
of cybersecurity.
The system for determination of legal responsibility/penalty for a cybersecurity breach can
significantly increase the productivity of the cyber structures of Ukraine, which, based on the rules and
method proposed by the authors in [7], will determine the sanctions recommended for this or that
cybersecurity breach or a set of cybersecurity breaches. Designing such a system is the goal of this
study.
2. State-of-the-Art
Let’s conduct the state-of-the-art on known solutions and decision support systems for cybersecurity
domain.
Cybersecurity requirements are influenced by the range of stakeholders: board members and Chief
Information Security Officers (CISOs), managers, legal professionals. The paper [8] explores the effect
that different experience has on the quality of a team's cybersecurity decision-making.
� Assuring an organization's cybersecurity posture requires the active involvement of decision makers
at all levels, particularly strategic level decision makers. These leaders have the responsibility of
initiating security programs and are responsible for the security policy implementation. It is necessary
that such leaders being provided with the tools for strategic and security management responsibilities
[9].
Companies need to be cautious about confidence form consumers. The presence or absence of a
previous cybersecurity breach had a large impact on confidence to company, but a minimal impact on
intentions to be more secure [10].
International legal control of cyber operations emerges and develops through the optics of the law
of war. The paper [11] analyses three key dimensions of the relationship between the law of war and
general international law: systemic, conceptual, and teleological.
The study [12] employed Situational Crisis Communication Theory to address vulnerabilities and
capabilities when data breaches take effect at hospitality organizations.
The purpose of the study [13] is to examine and overcome the risks to take advantage of
opportunities through the Risky-Opportunity Analysis Method to increase the resilience of the system.
In [14] a structure for ensuring appropriate security, safety and privacy built into systems is
proposed. In this structure, enforcement can be achieved by incentives or penalties. Determining the
rules for optimization of the mix of penalties and incentives is a major goal of the paper [14].
The decision support system provides agility decisions for shortening the time a network is insecure
in the event of a cyberattack. In the paper [15] decision support system "Cyber Fighter Associate
(CyFiA)" is described for selecting the agility maneuvers with the purpose of containing and eliminating
a malicious infection in a mobile network.
In [16] the decision support system is represented aimed at suggesting to operators of critical
infrastructure the optimal configuration in terms of deployed security functions Ali ties. The decision
support system has an optimization framework on the basis of genetic algorithm for exploring the
solution space.
In the paper [17] the Information Security Maturity Model was proposed, that has four maturity level
– None, Initial, Basic and Capable. The model provides the guideline for better management of
information security and forms the best strategy for improving the overall information security state.
The information object cybersecurity operational management system is developed in [18] which is
based on the morphological approach. The developed system provides reducing the cost of development
of information security system and shortening the time for informing about information security
incidents.
The goal of [19] is the development of basis from which can be attack a realistic networking
environment where the intruder can bypass security measures thus exposing a vulnerability in the
environment.
In [20] the web-based multi-perspective decision support system is developed on the basis of the
multi-criteria decision framework with security and decision theory, which captures the complexity in
a multi-criteria security control selection decision problem.
In [21] the FUSE-IT project is developed intending to propose a new paradigm: the convergence of
monitoring on building and facilities, energy, cyber and physical security, and information technologies
for leveraging the critical sites activities and detection of threats.
The paper [22] provides the analysis of mathematical models for choosing the investment strategies
in cybersecurity systems of informatization objects in educational information systems. It is proposed
to use the models on the basis of game theory as a basic mathematical model for such cybersecurity
system.
In [23] a Nature-inspired Decision Support System for Secure Clustering (NIDSC), which classifies
each node as either legitimate or attacker, is proposed for overcoming the security issues with minimum
consumptions of resources and minimal computational overhead.
Authors of [24] developed a board game that simulates real-life environment and shows the
challenges of organizations’ decision-making processes driving cyber-security strategy.
In [25] software is developed intending for supporting the cyber risks and cyber threats analysis of
the information and communications technological infrastructure, and for support decision-making
about prevention measures.
� The conducted state-of-the-art on known solutions and decision support systems for cybersecurity
domain showed that none of the known solutions are intended for determination of legal
responsibility/penalty for a cybersecurity breach, although the need for such an automated tool in cyber
structures and cyber organizations is considerable. Therefore, it is necessary to design and implement
system for determination of legal responsibility/penalty for a cybersecurity breach.
3. Modeling of the Process of Determination of Legal Responsibility/Penalty
for a Cybersecurity Breach
Let CSB is the set of cybersecurity breaches committed by a person (such a set can consist of one
element or be empty).
In order to form a conclusion on the commitment of a cybersecurity breach and determining the
responsibility/penalty for it, it is necessary to check whether a person has committed cybersecurity
breaches, that is, whether there are elements in the set of cybersecurity breaches committed by a person,
therefore the criterion for the presence of a cybersecurity breach will be as follows:
if CSB = , then the person did not commit cybersecurity breaches;
if CSB ≠ , then the person has committed a cybersecurity breach(es). In this case, the legal
responsibility/penalty for the committed cybersecurity breach(es) should be determined
according to the rules for forming a logical conclusion regarding legal responsibility in the field
of cybersecurity, developed by the authors in [7].
Taking into account the rules for forming a logical conclusion regarding legal responsibility in the
field of cybersecurity developed by the authors in [7], the set of possible cybersecurity breaches that
involve legal responsibility/penalty has the following form:
PCSB { uai , ri , pcg , csd , cds, udi , ucdb, uci, vor , dmdm } , (1)
where uai – “unauthorized intervention in the operation of computers, their systems and networks,
which led to the loss, leakage, blocking, falsification of information”, ri – “repeat commission of the
breach”, pcg – “prior conspiracy of a group of persons”, csd – “causing significant damage (100 or
more times greater than the tax-free minimum)”, cds – “creation, distribution, sale of malicious tools
for unauthorized interference in the operation of computers, their systems and networks”, udi –
“unauthorized distribution of information with limited access (according to the current legislation),
which is stored in computers, their systems and networks”, ucdb – “unauthorized change, blocking,
destruction of information”, uci – “unauthorized copying, interception of information, which led to
information leakage”, vor – “violation of the rules of operation of computers, their systems and
networks or the rules of information protection”, dmdm – “deliberate mass distribution of messages that
led to the failure or termination of the operation of computers, their systems and networks”.
Taking into account the developed criterion for the presence of a cybersecurity breach and the set of
possible cybersecurity breaches that involve legal responsibility/penalty (equation (1)), let's perform
modeling of the process of determination of legal responsibility/penalty for a cybersecurity breach.
If CSB is the set of cybersecurity breaches committed by a person (such a set can consist of one
element or be empty), then:
CSB PCSB RCSB , (2)
where RCSB is the set of breaches committed by a person.
The general rule for making a decision on the determination of responsibility/penalty for a
cybersecurity breach is as follows:
If CSB
then " person didn' t commit cyber sec urity breaches" . (3)
else " person has committed cyber sec urity breach(es) and should be held legally responsible / punished"
The conducted modeling of the process of determination of legal responsibility/penalty for a
cybersecurity breach is the theoretical basis for developing the system for determination of legal
responsibility/penalty for a cybersecurity breach.
�4. System for Determination of Legal Responsibility/Penalty for a
Cybersecurity Breach
Taking into account the results of the analysis of the legal and organizational foundations of
cybersecurity provided by the authors in [7], as well as the modeling of the process of determination of
legal responsibility/penalty for a cybersecurity breach carried out in chapter 3 of this paper, let's develop
the system for determination of legal responsibility/penalty for a cybersecurity breach – Fig. 1.
Figure 1: Structure of the system for determination of legal responsibility/penalty for a cybersecurity
breach
� The main source of information is a set RCSB of breaches committed by a person. Breaches
committed by a person are analyzed by the system for the purpose of searching for cybersecurity
breaches (for the purpose of searching for the values of the elements of the set PCSB of possible
cybersecurity breaches). On the basis of this semantic analysis, a set CSB of cybersecurity breaches
committed by a person is formed (such a set can consist of one element or be empty), according to
equation (2) – if the value of an element of the set PCSB of possible cybersecurity breaches is found
among the values of the elements of the set RCSB of breaches committed by a person, then this value
is entered in the set CSB of cybersecurity breaches committed by the person.
All sets (RCSB, PCSB, CSB) are entered in the data section of the knowledge base. The rule section
of the knowledge base contains the rules for forming a logical conclusion regarding legal responsibility
in the field of cybersecurity developed by the authors in [7], as well as the general rule for making a
decision on the determination of responsibility/penalty for a cybersecurity breach (equation (3)).
Taking into account the presence/absence of elements in the set CSB of cybersecurity breaches
committed by the person, a decision is made whether the person has committed a cybersecurity
breach(es). If CSB = , then the person did not commit cybersecurity breaches. If CSB ≠ , then the
person has committed a cybersecurity breach(es). In this case, one should perform the analysis of the
rules for forming a logical conclusion regarding legal responsibility in the field of cybersecurity,
developed by the authors in [7], using the method of carrying out a search in width in the direct direction,
on the basis of which to determine the legal responsibility/penalty for the committed cybersecurity
breach(es).
So, the system for determination of legal responsibility/penalty for a cybersecurity breach is
developed, which forms a decision as to whether a person has committed a cybersecurity breach(es). If
the system establishes that a person has committed a cybersecurity breach(es), the system forms a
conclusion on legal responsibility/penalty for the committed cybersecurity breach(es).
5. Results & Discussion
Let's consider examples of the operation of the proposed system for determination of legal
responsibility/penalty for a cybersecurity breach.
For the first example, we have the following set of breaches committed by the Person1 RCSB1 =
{“unauthorized copying, interception of information, which led to information leakage”, “repeat
commission of the breach”, “breach of hunting rules”, “breach of traffic rules”}. Breaches committed
by a person are analyzed by the system for the purpose of searching for cybersecurity breaches (for the
purpose of searching for the values of the elements of the set PCSB of possible cybersecurity breaches).
On the basis of such semantic analysis, a set of cybersecurity breaches committed by a person is formed
– for the first example CSB1 = {“unauthorized copying, interception of information, which led to
information leakage”, “repeat commission of the breach”}.
Given the presence/absence of elements in the set CSB of cybersecurity breaches committed by the
person, a decision is made whether the person has committed a cybersecurity breach(es). Since CSB1
≠ , then the Person1 has committed a cybersecurity breach(es). In this case, the system, as a result of
the analysis of the rules for forming a logical conclusion regarding legal responsibility in the field of
cybersecurity, developed by the authors in [7], using the method of carrying out a search in width in the
direct direction, determined the legal responsibility/penalty for the committed cybersecurity breach(es)
– according to rule 10, Person1 should be punished with deprivation of liberty for a period of three to
six years with deprivation of the right to hold certain positions or engage in certain activities for a period
of up to three years.
For the second example, we have the following set of breaches committed by the Person2 RCSB2 =
{"violation of public order", "violation of curfew", "drinking alcoholic beverages on the playground"}.
Breaches committed by a person are analyzed by the system for the purpose of searching for
cybersecurity breaches (for the purpose of searching for the values of the elements of the set PCSB of
possible cybersecurity breaches). On the basis of such semantic analysis, a set of cybersecurity breaches
committed by a person is formed – for the second example CSB2 = .
� Given the presence/absence of elements in the set CSB of cybersecurity breaches committed by the
person, a decision is made whether the person has committed a cybersecurity breach(es). Since CSB2
= , then the Person2 did not commit cybersecurity breaches.
The considered examples of the operation of the proposed system for determination of legal
responsibility/penalty for a cybersecurity breach showed that the proposed system can significantly
increase productivity and facilitate the work of cyber structures of Ukraine by determining whether a
person has committed a cybersecurity breach, as well as determining the sanctions recommended by
the current legislation of Ukraine this or that cybersecurity breach(es), if the system has determined that
a cybersecurity breach(уі) has been committed.
6. Conclusions
At this moment, the actual task when using digital infrastructure is ensuring the cybersecurity, which
is one of the priorities in the national security system of Ukraine. The system for determination of legal
responsibility/penalty for a cybersecurity breach can significantly increase the productivity of the cyber
structures of Ukraine, which will determine the sanctions recommended for this or that cybersecurity
breach or a set of cybersecurity breaches.
The conducted state-of-the-art on known solutions and decision support systems for cybersecurity
domain showed that none of the known solutions are intended for determination of legal
responsibility/penalty for a cybersecurity breach, although the need for such an automated tool in cyber
structures and cyber organizations is considerable. Therefore, it is necessary to design and implement
system for determination of legal responsibility/penalty for a cybersecurity breach.
The paper simulates the process of determination of legal responsibility/penalty for a cybersecurity
breach, which is the theoretical basis for developing the system for determination of legal
responsibility/penalty for a cybersecurity breach.
The authors have developed the system for determination of legal responsibility/penalty for a
cybersecurity breach, which forms a decision as to whether a person has committed a cybersecurity
breach(es). If the system establishes that a person has committed a cybersecurity breach(es), the system
forms a conclusion on legal responsibility/penalty for the committed cybersecurity breach(es).
7. References
[1] T. Hovorushchenko, O. Pavlova, D. Medzatyi. Ontology-Based Intelligent Agent for
Determination of Sufficiency of Metric Information in the Software Requirements. Advances in
Intelligent Systems and Computing 1020 (2020) 447-460. doi: 10.1007/978-3-030-26474-1_32.
[2] T. Hovorushchenko, O. Pomorova. Ontological Approach to the Assessment of Information
Sufficiency for Software Quality Determination. CEUR-WS 1614 (2016) 332–348.
[3] O. Pomorova, T. Hovorushchenko. The Way to Detection of Software Emergent Properties, in
Proceedings of the 2015 IEEE 8-th International Conference on Intelligent Data Acquisition and
Advanced Computing Systems: Technology and Applications (IDAACS), 2015, vol. 2, p. 779-
784. doi: 10.1109/IDAACS.2015.7341409.
[4] T. Hovorushchenko, O. Pomorova. Information Technology of Evaluating the Sufficiency of
Information on Quality in the Software Requirements Specifications CEUR-WS 2104 (2018) 555-
570.
[5] How russian cyberattacks changed during the war, 2022. URL: https://www.ukrinform.ua/rubric-
technology/3518528-ak-zminilisa-rosijski-kiberataki-pid-cas-vijni.html.
[6] 33 Alarming Cybercrime Statistics You Should Know in 2019, 2019. URL:
https://www.thesslstore.com/blog/33-alarming-cybercrime-statistics-you-should-know/.
[7] T. Hovorushchenko, A. Herts, O. Pavlova. Method of Forming a Logical Conclusion about Legal
Responsibility in the Cybersecurity Domain. CEUR-WS 2732 (2020) 128-135.
[8] B. Shreeve, J. Hallett, M. Edwards, K. Ramokapane, R. Atkins, A. Rashid. The Best Laid Plans or
Lack Thereof: Security Decision-Making of Different Stakeholder Groups. IEEE Transactions on
Software Engineering 48 5 (2022) 1515-1528. doi: 10.1109/TSE.2020.3023735.
�[9] F. Garcia-Granados, H. Bahsi. Cybersecurity Knowledge Requirements for Strategic Level
Decision Makers, in: Proceedings of 15th International Conference on Cyber Warfare and Security
(ICCWS), Norfolk, 2020, pp. 559-568. doi: 10.34190/ICCWS.20.102.
[10] S. Curtis, J. Carre, D. Jones. Consumer security behaviors and trust following a data breach.
Managerial Auditing Journal 33 4 (2018) 425-435. doi: 10.1108/MAJ-11-2017-1692.
[11] K. Macak. From the Vanishing Point Back to the Core: The Impact of the Development of the
Cyber Law of War on General International Law, in: Proceedings of 9th International Conference
on Cyber Conflict - Defending the Core (CyCon), Tallinn, 2017, pp. 135-148. doi:
10.23919/CYCON.2017.8240333.
[12] H. Chen, T. Jai. Cyber alarm: Determining the impacts of hotel's data breach messages.
International Journal of Hospitality Management 82 (2019) 326-334. doi:
10.1016/j.ijhm.2018.10.002.
[13] A. Ardebili, E. Padoano, A. Longo, A. Ficarella. The Risky-Opportunity Analysis Method
(ROAM) to Support Risk-Based Decisions in a Case-Study of Critical Infrastructure Digitization.
Risks 10 3 (2022) No 48. doi: 10.3390/risks10030048.
[14] C. Axelrod. Enforcing Security, Safety and Privacy for the Internet of Things, in: Proceedings of
IEEE Long Island Systems, Applications and Technology Conference (LISAT), Long Island,
2015, pp. 1-6. doi: 10.1109/LISAT.2015.7160214.
[15] C. Huber, P. McDaniel, S. Brown, L. Marvel. Cyber Fighter Associate: A Decision Support System
for Cyber Agility, in: Proceedings of 50th Annual Conference on Information Science and Systems
(CISS), Princeton, 2016, pp. 198-203. doi: 10.1109/CISS.2016.7460501.
[16] A. Tortorelli, A. Fiaschetti, R. Germana, A. Giuseppi, V. Suraci, A. Andreani, F. Delli Priscoli. A
decision support tool for optimal configuration of critical infrastructures. International Journal of
Critical Infrastructures 18 2 (2022) 105-127. doi: 10.1504/IJCIS.2022.10033792.
[17] S. Yulianto, C. Lim, B. Soewito. Information Security Maturity Model a Best Practice Driven
Approach to PCI DSS Compliance, in: Proceedings of IEEE Region 10 Symposium (TENSYMP),
2016, Indonesia, pp. 65-70. doi: 10.1109/TENCONSpring.2016.7519379.
[18] V. Lakhno, A. Petrov, A. Petrov. Development of a Support System for Managing the Cyber
Security of Information and Communication Environment of Transport. Advances in Intelligent
Systems and Computing 656 (2018) 113-127. doi: 10.1007/978-3-319-67229-8_11.
[19] B. Sassani, R. Choque, B. Paul, F. Mehdipour. Commercial Security Scanning: Point-on-Sale
(POS) Vulnerability and Mitigation Techniques, in: Proceedings of IEEE 17th International
Conference on Dependable, Autonomy and Secure Computing / IEEE 17th International
Conference on Pervas Intelligence and Computing / IEEE 5th International Conference on Cloud
and Big Data Computing / IEEE 4th Cyber Science and Technology Congress
(DASC/PiCom/CBDCom/CyberSciTech), Fukuoka, 2019, pp. 493-498. doi:
10.1109/DASC/PiCom/CBDCom/CyberSciTech.2019.00099.
[20] O. El-Gayar, B. Fritz. A web-based multi-perspective decision support system for information
security planning. Decision Support Systems 50 1 (2020) 43-54. doi: 10.1016/j.dss.2010.07.001.
[21] H. Pouyllau, B. Istasse, S. Ahvar, N. Crespi, I. Praca, S. Garcia-Rodriguez, E. Mengusoglu. FUSE-
IT: Enhancing Critical Site Supervision with Cross-Domain Key Performance Indicators, in:
Proceedings of Global Information Infrastructure and Networking Symposium (GIIS), Porto, 2016,
pp. 1-6. doi: 10.1109/GIIS.2016.7814850.
[22] B. Akhmetov, V. Lakhno, A. Adranova, L. Kydyralina, L. Pliska. Bulletin of The National
Academy of Sciences of the Republic of Kazakhstan 1 (2020) 128-139. doi: 10.32014/2020.2518-
1467.16.
[23] S. Qureshi, S. Shandilya. Nature-inspired adaptive decision support system for secured clustering
in cyber networks. Multimedia Tools and Applications (2022). doi: 10.1007/s11042-022-13336-7.
[24] S. Zeijlemaker, E. Rouwette, G. Cunico, S. Armenia, M. Von Kutzschenbach. Decision-Makers'
Understanding of Cyber-Security's Systemic and Dynamic Complexity: Insights from a Board
Game for Bank Managers. Systems 10 2 (2022) No 49. doi: 10.3390/systems10020049.
[25] G. Roldan-Molina, M. Almache-Cueva, C. Silva-Rabadao, I. Yevseyeva, V. Basto-Fernandes. A
Decision Support System for Corporations Cybersecurity Management, in: Proceedings of 12th
Iberian Conference on Information Systems and Technologies (CISTI), Lisbon, 2017, pp. 1-6. doi:
10.23919/CISTI.2017.7975826.
�