Method for managing IT incidents in critical information infrastructure facilities ⋆ Sergiy Gnatyuk1,†, Viktoria Sydorenko1,†, Artem Polozhentsev1,*,† and Volodymyr Sokolov2,† 1 National Aviation University, 1 Liubomyra Huzara ave., 03058 Kyiv, Ukraine 2 Borys Grinchenko Kyiv Metropolitan University, 18/2 Bulvarno-Kudryavska str., 04053 Kyiv, Ukraine Abstract Protecting Critical Information Infrastructure (CII) is essential in today’s digitized world, where the growing number of cyber threats poses significant risks to national security, the economy, and public safety. CII includes vital sectors such as energy, transport, finance, and healthcare. Disruptions to these systems can have serious consequences, requiring effective identification, assessment, and management of IT threats. Despite the importance of IT security to CII, existing methods for managing IT threats remain underdeveloped. This paper presents a novel method for IT incident management in CII, combining the STRIDE model and TODIM multi-criteria decision-making. The method is designed to identify, assess, and prioritize threats, taking into account the criticality of CII objects at different levels. Through experimental validation, this method demonstrates its ability to improve CII security by providing a systematic approach to prioritizing and managing IT threats. This study provides a practical solution for improving CII protection against evolving cyber risks. Keywords critical infrastructure, critical information infrastructure facilities, cybersecurity, incident management, STRIDE, TODIM 1 1. Introduction and public welfare. To effectively protect CII, it is necessary to properly identify, assess and manage IT threats, Protecting critical infrastructure facilities is one of the most especially in the context of limited defense resources. This important tasks for organizations and governments in highlights the important scientific task of developing and today’s digitized world. 
The growing number of cyber implementing an effective method for managing IT threats associated with the development of information incidents in CII facilities (CIIF). technologies has increased the need to implement reliable Despite the importance of ensuring the IT security of security measures. Critical Information Infrastructure (CII) CII, there is currently a lack of scientific research on the includes systems and networks that are vital to the development and implementation of IT threat management functioning of society in the areas of energy, transport, methodologies, both internationally and domestically finance, communications, and healthcare [1, 2]. (Fig. 1) [2]. However, during the analysis, the authors The failure or compromise of such components can have examined threat management approaches in various areas serious consequences for national security, the economy of CII. Figure 1: The process of IT Incident Management CPITS-II 2024: Workshop on Cybersecurity Providing in Information 0000-0003-4992-0564 (S. Gnatyuk); and Telecommunication Systems II, October 26, 2024, Kyiv, Ukraine 0000-0002-5910-0837 (V. Sydorenko); ∗ Corresponding author. 0000-0003-0139-0752 (A. Polozhentsev); † These authors contributed equally. 0000-0002-9349-7946 (V. Sokolov) s.gnatyuk@nau.edu.ua (S. Gnatyuk); © 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). v.sydorenko@ukr.net (V. Sydorenko); artem.polozhentsev@nau.edu.ua (A. Polozhentsev); v.sokolov@kubg.edu.ua (V. Sokolov) CEUR Workshop ceur-ws.org ISSN 1613-0073 326 Proceedings 2. Literature review 3. Analysis of international In studies [4–6], the authors developed an algorithm for methodologies for IT threat assessing cybersecurity threats to Learning Management modeling Systems (LMS). 
By combining the STRIDE model with the TODIM multi-criteria decision support method and Since the preliminary analysis of existing studies on the providing fuzzy sets, they evaluated LMS platforms, namely identification, assessment, and management of IT threats Moodle, Atutor, and Ilias. The study involved three cyber did not allow the identification of a formalized approach, the security experts who assessed security using linguistic authors decided to develop their method for the variables, demonstrating the effectiveness of the algorithm management of IT threats for CIIF. in detecting and ranking cyber threats in LMS This requires conducting additional analysis of the environments. This study is particularly relevant for effectiveness of international practices and threat modeling cybersecurity professionals responsible for the security of methodologies according to the following criteria Ease of educational technologies and provides a methodology that Use (EU)—an assessment of the ease of use of the method in can be used to strengthen the security of LMSs. practice, Comprehensiveness (CM)—the extent to which the In article [7], the authors explore the application of the method covers all aspects of IT threat management, STRIDE model for assessing cybersecurity threats in the Integration with other systems (IS)—the extent to which the critical infrastructure transportation industry. The article method allows integration with other security and highlights how the integration of STRIDE with the Hazard management systems, CI focus (CI)—if the method takes Analysis and Risk Assessment (HARA) method, called the into account the specifics of the ICS, Objectivity (OB)—the SAHARA approach, provides a comprehensive framework extent to which the method reduces subjectivity in the for assessing security risks in the early stages of decision-making process, Time to Use (ET)—the time development. This combined approach enables security required to apply the method. 
threats to be identified and categorized, ensuring that The STRIDE threat classification methodology [12] is a appropriate countermeasures are implemented to protect popular security threat analysis tool developed by automotive systems from advanced cyber-attacks, thereby Microsoft. The acronym stands for Spoofing, Tampering, supporting consistent and secure product development Repudiation, Information disclosure, Denial of service, and throughout the lifecycle. Elevation of privilege. This methodology helps identify The study [8] addresses the issues of improving security vulnerabilities in information systems, allowing developers and privacy, as well as the vulnerability of 5G networks, and security professionals to take proactive measures to with a focus on CI protection. Despite advances over eliminate them. The benefits of STRIDE include its previous generations, 5G networks still have technical comprehensiveness in covering a wide range of threats, its security weaknesses that can be exploited. The paper uses clarity and structure with clearly defined threat categories, the STRIDE threat classification model to identify and and its ability to integrate with other security analyze eleven threat scenarios in the 5G ecosystem, methodologies and tools. However, in-depth knowledge of highlighting the importance of implementing robust IT security is required to use this methodology effectively. security measures to mitigate these risks. The National Institute of Standards and Technology’s The study [9] described that critical infrastructure and NIST SP 800-30 [13] standard provides a comprehensive industrial control systems are complex cyber-physical approach to identifying, assessing, and managing risk while systems. Ensuring the reliable operation of such systems taking into account the specifics of an organization’s requires comprehensive threat modeling during system processes and assets. The key benefits of NIST SP 800-30 are design and validation. 
Also, the following articles [10, 11] a comprehensive approach that covers all stages of risk present a comprehensive threat modeling methodology management, from threat identification to response strategy using STRIDE, a systematic approach to ensuring system development, and the recognition of the standard in many security at the component level. The methodology is applied organizations. However, implementation of this standard to a real-world testbed of a synchronous isolated system can require significant resources and time and can be based on a synchro phasor. The study identifies the types of difficult for small organizations due to limited resources. threats that can occur in each component of the system and The international standard ISO/IEC 27005 [14] provides how vulnerabilities in one component can compromise the guidance on information security risk management and security of the whole system. STRIDE has proven to be a provides a structured approach to identifying, assessing, simple and effective threat modeling methodology that and managing risks. The advantages of ISO/IEC 27005 are simplifies the task for security analysts. its consistency with other ISO standards, which allows risk It has been found that there is currently no implemented management to be integrated into an organization’s overall method that would allow effective management of IT management system and its structured approach. threats for CII. Therefore, the development of such a method Disadvantages include the resources required to implement is extremely necessary to ensure a more reliable protection the standard and its complexity for small organizations, against potential IT threats and to increase the level of which may find it difficult to implement. security of Critical Information Systems (CIS). 
Thus, the The OCTAVE (Operationally Critical Threat, Asset, and purpose of this paper is to develop and experimentally study Vulnerability Evaluation) methodology [15, 16] is designed a method for managing IT threats for CII. to assess and manage information security risks by focusing on an organization’s critical assets. It allows you to identify and protect the organization’s most important assets and 327 perform a self-assessment using internal resources. overall business objectives of the organization, and a However, OCTAVE requires significant involvement of comprehensive approach that covers all aspects of IT staff at all levels of the organization and can be difficult to management. However, implementing a framework can be coordinate in large organizations. resource-intensive, and small organizations may face The Control Objectives for Information and Related difficulties due to insufficient resources for full Technologies (COBIT) framework [17] is an IT governance implementation. framework that includes risk management aspects and Table 1 compares approaches to prioritize IT threats ensures the integration of IT with business objectives. The according to the following criteria: EU is ease of use, CM is benefits of COBIT include integration with business complexity, IS is integration with other systems, CI is focus processes, which helps to align IT management with the on CI, OB is objectivity, and ET is time to application. Table 1 IT Threat prioritization approaches EU CM IS CI OB ET STRIDE + + + - + + NIST SP 800-30 - + - + - - ISO/IEC 27005 - + + - - + OCTAVE - + - - + + COBIT - + - + - + Based on the analysis of these criteria, the STRIDE approach TODIM [21] is a multicriteria decision analysis method is a highly effective and comprehensive approach to based on the prospect theory of Daniel Kahneman and identifying IT threats. Its clear structure, ability to integrate Amos Tversky. 
The method uses the principles of utility with other methods, and emphasis on different types of theory to model the preferences of a decision-maker under threats make it an ideal tool for improving the security of conditions of uncertainty and associated risks. The main information systems. STRIDE enables organizations not steps of the method include identifying criteria and only to identify threats, but also to assess their criticality, alternatives, evaluating alternatives for each criterion, develop appropriate protection methods, and ensure a assigning weights to the criteria, calculating the dominance comprehensive approach to risk management. of each alternative over the others based on the weights, using a prospective value function to account for risk 4. Analysis of decision-making attitudes, summing the prospective values to obtain a utility score, and selecting the alternative with the highest utility methods score. The method incorporates risk and uncertainty and is To prioritize IT threats, it is necessary to consider decision- intuitive, but requires complex calculations and subjective making methodologies—approaches that help to analyze judgement of weights. complex problems and select the best course of action, The Technique of Options Selection and Review taking into account various possible alternatives. These (TOPSIS) [22] determines the optimal alternative by methods include a range of techniques and tools to help selecting the alternative closest to the ideal point. The evaluate different parameters and weight criteria to arrive method takes into account the distances to the ideal (best) at an objective, balanced decision [18]. and anti-ideal (worst) solutions. 
TOPSIS is easy to The Analytic Hierarchical Process (AHP) [19], implement and clearly identifies the best alternative, but it developed by Thomas Saaty in the 1980s, helps to break is sensitive to the relative values of the criteria and can be down a decision problem into a hierarchy of smaller influenced by incorrect scaling. components, including objectives, criteria, sub-criteria, and Table 2 shows a comparison of the decision methods alternatives. By using mathematical principles to evaluate that can be used to assess IT threats. The analysis is based the importance of criteria and select the best option [20], on the following criteria CI—CI applicability, FL—flexibility, AHP is intuitive and able to combine quantitative and SC—scalability, CR—risk and uncertainty consideration, qualitative criteria. However, the method can be subject to EU—ease of use. subjectivity in weighting and requires a significant amount of time and data for analysis. Table 2 Analysis of multi-criteria decision-making methods CI FL SC CR EU AHP + + + - + TODIM + + + + + TOPSIS - - + - + Based on the analysis of these criteria, the TODIM approach an important aspect of CII, and demonstrates a high degree is the most suitable for use in the area of CII. The method of flexibility in considering different criteria. effectively takes into account risk and uncertainty, which is 328 5. Method for managing IT incidents where vkj is the evaluation of criterion k by expert j, n is the number of experts. in critical information Next, at this stage, a vector of weighting coefficients infrastructure facilities should be created and calculated by normalizing the average geometric scores: The method developed by the authors consists of 7 stages, W  (W1 ,W2 ,,Wn )T (5) each of which is described in more detail below. Step 1: Identification of IT threats to CII. where Wi is the weighting factor for each criterion i. 
The identification of IT threats is an important stage in W the process of managing IT threats to CII. The purpose of W jr  n j (6) this stage is to identify potential threats that could affect the Wr r 1 normal operation of critical information systems. At this where Wj is the geometric mean for criterion j, Wr is the sum stage you can select threats according to various of geometric means for all criteria. international approaches such as STRIDE, NIST SP 800-30, Step 5. Perform pairwise comparisons of alternative ISO/IEC 27005, OCTAVE, or COBIT, depending on the threats to CII. characteristics of the CII. The set of potential IT threats is In a pairwise comparison, the dominance of each threat called the Ui set: over the others is determined using a prospective value Ui  {U1 ,U 2 ,,U n } (1) function that takes into account the weights of the criteria where Ui is a set of identified potential IT threats, and the ratings of the alternatives for each criterion. U1 ,U 2 ,,U n are potential IT threats.  U i , k U j , k  Dom(U i ,U j , k )  k   , (7) Step 2: Define criteria for evaluating IT threats to CII.  1  a  U , k   j  For each threat Ui and each criterion k, let’s introduce a where Ui and Uj are the threats to be compared; k is the set of evaluation criteria K: criterion by which the comparison is made; Wk is the weight K  {k1, k2 ,, km} (2) of the criterion; vUi,k and vUj,k are the threat ratings by the where K is a set of criteria against which IT threats are criterion; α is a parameter reflecting the attitude toward assessed, k1 , k2 ,, km —are specific assessment criteria. risk. Each potential threat Ui should be assessed against Consideration of CI Categories criteria K to determine its impact and priority. According to the Law of Ukraine “On Critical Step 3. Collect and normalize data on IT threats to CII. 
Infrastructure” [23], in particular, Article 10 “Categorization At this step, it is necessary to collect, assess, and of CI”, CI are divided into categories depending on their normalize data on IT threats to CII. This process ensures an importance and potential impact on the security of the state objective and balanced approach to threat assessment. Each or region. The introduction of the criticality variable C threat Ui is evaluated according to the defined criteria K. For allows the integration of these categories as additional example, experts may evaluate the likelihood of a threat criteria into the multicriteria analysis according to the occurring, the potential damage, the complexity of developed method, which increases the accuracy of the implementation, etc. Each evaluation criterion k has a assessment of the potential impact of threats on different corresponding weight. Each evaluation criterion k has a levels of criticality. corresponding weighting factor wk, where the sum of all The criticality variable C takes values from 1 to 4, coefficients is 1: reflecting the level of criticality of the infrastructure object: K Category I (C=1): Critical facilities of national importance.   1, k (3) Disruption of their functioning can cause a national crisis. k 1 Category II (C=2): Critical facilities whose disruption could where K is the total number of criteria, wk is the weighting cause a regional crisis. Category III (C=3): Critical facilities factor for criterion k. whose disruption could cause a local crisis. Category IV Step 4. Determine the weight of the CII IT threat criteria. (C=4): Essential facilities whose disruption could cause a Determining the weighting factors for each IT threat local crisis. assessment criterion is an important step that allows you to Step 6. Obtain an integrative assessment of alternative IT consider the relative importance of different aspects of the threats to CII. threat. 
This helps to ensure objectivity and balance in the IT At this stage, it is necessary to calculate the value of the threat assessment process. Each criterion is rated on a pre- future value to obtain a utility score for each threat. determined scale. In their paper, the authors suggest using K a scale of 1 to 5, with 5 being the highest probability, Score(U i )   Dom(U i ,U j , k ) (8) j  i k 1 damage, or complexity and 1 being the lowest. This scale is intuitive and easy to use, which simplifies the assessment where Score(Ui) is the integrative utility score for threat a, process for experts. For each criterion, we calculate the Ui and Uj are the threats being compared, k is the criterion average of the geometric scores provided by the experts as by which the comparison is made, and Dom(Ui, Uj,k) is the follows: prospective value function for determining the dominance n of each threat over the others. k  ( k j )1/ n (4) Step 7. Prioritize and make decisions about IT threats to j 1 CII. 329 At this step, it is necessary to prioritize the identified IT gain administrator privileges in health threats and make appropriate decisions on actions to management systems and abuse those privileges. eliminate or minimize them. This should be done by calculating the relative importance of each threat and Step 2: Define Criteria for Assessing IT Threats to CII ranking them based on the estimates obtained. This stage involves a detailed definition of the criteria Score(U i ) for assessing each IT threat to CII. The evaluation criteria p (U i )  n are key parameters that allow a comprehensive analysis of (9)  Score(U i ) i 1 threats and prioritization for further management. For each IT threat Ui and each criterion k, it is proposed to apply the where p(Ui ) is the relative importance of each potential IT following parameters according to (1, 2): threat, and Score(Ui) is an integrative assessment of the utility for threat a. 
 Threat Probability (TP): An estimate of the Next, the IT threats should be ranked from highest to likelihood that a specific IT threat will occur. This lowest. Threats with the highest scores are the most critical allows you to determine how often the threat can and require priority response. Based on the results of the be expected to occur. threat ranking, decisions are made on the necessary  Potential damage from the threat (P): An estimate measures to eliminate or minimize each threat. Measures of the potential damage that could be caused to CII may be technical, organizational, or procedural. if the threat is realized. Both financial loss and potential impact on the security and operation of 6. Experimental Study of the Method the system are considered.  Threat complexity (C): An assessment of the of IT Incident Management in CII technical difficulty of implementing the threat by Let’s apply this method to the CII sector “Digital attackers. This includes an analysis of the Technologies”, namely the sub-sector “Electronic knowledge, tools and resources required to carry Communications”, according to [24–26]. out the attack. Step 1: Identification of IT threats to CII According to the STRIDE methodology, and analyzed Properly defining the criteria allows for a deeper and studies [10–12, 27], the following IT threats were identified more comprehensive threat analysis, increasing the to improve the IT security of CII: effectiveness of risk management and CII protection. The optimal number of criteria for assessing IT threats to CII  Spoofing. The threat of interfering with the system depends on the complexity of the problem and the data by using false data or identity to gain unauthorized available. According to [14, 28], the use of 3–7 criteria is access. For example, a hacker could use forged standard practice to ensure a comprehensive analysis. 
This certificates to gain access to an energy company’s allows different aspects of threats and risks to be considered network. and provides a balanced approach to CII protection  Tampering. Making unauthorized changes to data decision-making. or system configurations. This can include Step 3. Collect and normalize IT threat data for CII changing logical control commands to OCI, which This stage involves a detailed process of collecting, can lead to physical failures. assessing, and normalizing IT threat data for CII. An  Repudiation. The inability to trace or prove that a important part of this phase is to determine the weighting user’s actions were performed. For example, the factors for each assessment criterion, which will allow for lack of audit logs can allow attackers to deny that an objective and balanced approach to threat assessment. malicious actions were taken on a water The weighting factors for assessing IT threats to CII management network. should be determined based on their relative importance.  Information disclosure. Unauthorized access to The likelihood of a threat occurring was given a high sensitive information. For example, leakage of coefficient because it has a significant impact on the risk of classified information from government databases the threat being realized. The potential damage from the can have serious national security implications. threat has the highest coefficient because the potential  Denial of Service (DoS). Attacks are designed to losses from the threat are critical to the functioning of the prevent the normal operation of a system, CII. The complexity of the threat realization received a particularly by overloading resources. For lower coefficient due to its relatively lower importance example, a DoS attack on transportation compared to other criteria, but it is still important for infrastructure management systems could bring assessing the technical aspects of protection [29]. all traffic to a halt. 
By the previous steps, each evaluation criterion k has a corresponding weighting factor wk, where the sum of all  Elevation of Privilege. A threat that allows an coefficients is 1 according to (3), as shown in Table 3 below: attacker to gain greater privileges than they have and use them to gain inappropriate access to systems or data. For example, an attacker could 330 Table 3 Table of IT threat assessment criteria Criterion, k Description Weighting index, wk TP The likelihood that the threat may materialize 0.4 P Potential losses or damage that may be caused if the threat is 0.5 realized C complexity of the technical implementation of the threat 0.1 Step 4. Determine the weight of the CII IT threat criteria. values of α reduce the impact of the risk, while A rating scale from 1 to 5 is used to further define the high values increase its significance. criteria, with 1 being the lowest level (low probability,  Pairwise comparison of threats: Each threat is minimal damage, low complexity) and 5 being the highest compared to the others across all criteria. For each level (high probability, maximum damage, high pair of threats, a dominance value is calculated complexity). These scores are then used to compare threats using the formula above. in pairs to determine their relative importance and  Overall Dominance Calculation: After all threat criticality to CII. Based on these criteria, an integrative pairs are compared for each criterion, a total assessment and prioritization of threats is performed, which dominance value is calculated for each threat. This is the basis for management decisions on security and value is used to rank and prioritize threats. protection measures [30]. Therefore, according to (4, 5, 6), we will apply the above Thus, this phase provides a detailed and objective scale to evaluate the alternatives according to the specified analysis of the threats, providing a reliable basis for criteria. 
Below is a table of alternatives evaluated by criteria management decisions regarding CII protection. (Table 4). Step 6. Obtain an integrative assessment of alternative IT threats to CII. Table 4 To automate this process and increase the accuracy of Criteria-based alternatives evaluation the calculations, the developed IT Threat Management Threat TP P C Methodology software application is used at this stage. This Spoofing 2 4 3 application integrates all the data, pairwise comparisons, Tampering 3 5 2 and weighting factors to calculate the final utility scores. Repudiation 1 3 4 According to (8), we summarize the prospective values to Information disclosure 4 5 2 obtain a utility score for each threat. Using the developed IT 1 threat management software, the following result was Denial of Service 5 5 3 obtained (Fig. 2). Elevation of Privilege 2 4 The values are then used to compare threats in pairs to determine their relative importance and criticality to the CII. This comparison helps determine which threats are the most serious and require priority protection measures. An integrative assessment and prioritization of threats based on the results is then performed, providing the basis for management decisions on security and protection measures for the CII. Figure 2: Result of using IT threat management software Step 5. Perform pairwise comparisons of alternative Step 7. Prioritize and make decisions about IT threats to CII. threats to CII. According to (9) and based on the analysis performed by According to (7), in this step, the method of pairwise the developed method, the threats were ranked according to comparisons is used to determine the dominance of each their total dominance. Let us present the prioritization of threat over the others. 
This method allows the relative threats, where threats with higher values of total dominance importance and criticality of each threat to be assessed by should be addressed as the most critical (Table 5): comparing them according to certain criteria. The application of the prospective value function takes into Table 5 account the weights of the criteria and the scores of the IT threat priorities for the CII sub-sector “Electronic alternatives for each criterion. communications” Threat Dom level Priority  Data Entry: After all threats have been evaluated The highest Spoofing 9.145 according to the criteria defined in the previous High Tampering 5.789 step, the data is entered into specially developed Repudiation 2.406 Average software to perform the calculations. Information Medium  Determine the α parameter: The α parameter is set disclosure –1.004 to account for risk attitudes. The value of α can Denial of Low –1.564 take on any value depending on the specific Service situation but is usually between 0 and 1. Low Elevation of Low –2.338 Privilege 331 Fig. 3 shows the results of the IT threat assessment for the 7. Conclusions CII sub-sector “electronic communications”, according to Table 5. In conclusion, this paper has analyzed the existing methods of IT threat management at CIIF. It was found that the problem of IT threat management at CIIF has not been sufficiently studied, and the existing methods do not provide a complete solution to the problems of IT threat assessment for such facilities. Therefore, the authors have developed a new method for managing IT threats at CIIF by synthesizing the multi-criteria decision-making method TODIM and the threat model STRIDE, which allows them to effectively identify, assess, and prioritize threats, taking into account their probability, potential damage, and complexity of implementation. 
The developed method consists of the following stages: identification of threats, determination of Figure 3: Results of the IT threat assessment evaluation criteria, data normalization, determination of Thus, according to the results obtained with the help of the criteria weights, pairwise comparison of alternative threats, special software developed, the following recommendations obtaining an integrative evaluation, prioritization, and have been made about IT threats [31]: decision-making, and provides an effective approach to improving the level of CII security.  Denial of Service (DoS): The most critical threat An experimental study of the developed method, that needs to be addressed as a matter of priority conducted for the CII sub-sector “electronic is to reduce the risk of denial of service, which can communications”, showed that the method effectively lead to significant disruptions in CI operations. It contributes to the management of IT threats by prioritizing is recommended to implement resilient systems these threats. This ensures a high level of CII security and against DoS attacks using load balancing and allows the optimization of security measures to respond network-level protection techniques. effectively to potential IT threats.  Repudiation: Requires improved logging and In addition, thanks to the special software developed, it auditing systems to ensure accountability and was found that for the CII sub-sector “electronic transparency of operations. Reliable mechanisms communications”, the threat of denial of service has the for logging and retaining user activity logs should highest level of criticality. This indicates the need for be implemented, as well as regular audits to detect priority action to neutralize it. In general, the prioritization and prevent attempts to deny activity. 
7. Conclusions

In conclusion, this paper has analyzed the existing methods of IT threat management at CIIF. It was found that the problem of IT threat management at CIIF has not been sufficiently studied, and the existing methods do not provide a complete solution to the problems of IT threat assessment for such facilities. Therefore, the authors have developed a new method for managing IT threats at CIIF by synthesizing the multi-criteria decision-making method TODIM and the threat model STRIDE, which allows them to effectively identify, assess, and prioritize threats, taking into account their probability, potential damage, and complexity of implementation.

The developed method consists of the following stages: identification of threats, determination of evaluation criteria, data normalization, determination of the criteria weights, pairwise comparison of alternative threats, obtaining an integrative evaluation, prioritization, and decision-making, and provides an effective approach to improving the level of CII security.

An experimental study of the developed method, conducted for the CII sub-sector “electronic communications”, showed that the method effectively contributes to the management of IT threats by prioritizing these threats. This ensures a high level of CII security and allows the optimization of security measures to respond effectively to potential IT threats.

In addition, thanks to the special software developed, it was found that for the CII sub-sector “electronic communications”, the threat of denial of service has the highest level of criticality. This indicates the need for priority action to neutralize it. In general, the prioritization of IT threats in the process of ensuring the protection of CII can ensure the effective allocation of resources and the application of the necessary measures to prevent potential attacks.

Further research will aim to optimize the method, in particular by:

• determining normalized coefficients for selected threat criteria;

• extending the recommendations for IT incident management according to the results obtained;

• improving the method to allow the assessment of combined threats.

References

[1] O. Mykhaylova, et al., Mobile Application as a Critical Infrastructure Cyberattack Surface, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems II, CPITS-II, vol. 3550 (2023) 29–43.
[2] A. Zahynei, et al., Method for Calculating the Residual Resource of Fog Node Elements of Distributed Information Systems of Critical Infrastructure Facilities, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems, CPITS, vol. 3654 (2024) 432–439.
[3] ITIL Incident Management: The Complete Guide. URL: https://www.motadata.com/blog/itil-incident-management/
[4] T. Lechachenko, et al., Cybersecurity Assessments based on Combining TODIM Method and STRIDE Model for Learning Management Systems, in: Computer Information Technologies in Industry, vol. 3468 (2023) 250–256.
[5] T. Lechachenko, et al., Cybersecurity Aspects of Smart Manufacturing Transition to Industry 5.0 Model, in: Information Technologies: Theoretical and Applied Problems, vol. 3628 (2023).
[6] J. Wang, G. Wei, M. Lu, TODIM Method for Multiple Attribute Group Decision Making under 2-Tuple Linguistic Neutrosophic Environment, Symmetry, 10(10) (2018) 486. doi: 10.3390/sym10100486.
[7] G. Macher, et al., Threat and Risk Assessment Methodologies in the Automotive Domain, Procedia Comput. Sci. 83 (2016) 1288–1294. doi: 10.1016/j.procs.2016.04.268.
[8] G. Holtrup, et al., Modeling 5G Threat Scenarios for Critical Infrastructure Protection, in: 15th International Conference on Cyber Conflict: Meeting Reality (2023) 161–180. doi: 10.23919/CyCon58705.2023.10.
[9] R. Khan, et al., STRIDE-based Threat Modeling for Cyber-Physical Systems, IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe) (2017) 1–6. doi: 10.1109/ISGTEurope.2017.8260283.
[10] M. Abomhara, M. Gerdes, G. M. Koien, A STRIDE-based Threat Model for Telehealth Systems, NISK (2015).
[11] A. Shostack, Experiences Threat Modeling at Microsoft, in: Modeling Security, vol. 413 (2024).
[12] Microsoft Corporation, “SDL Process Introduction”. URL: http://msdn.microsoft.com/en-us/library/cc307406.aspx
[13] R. Ross, Guide for Conducting Risk Assessments, Special Publication (NIST SP) 800-30 Rev 1, National Institute of Standards and Technology, Gaithersburg, MD. Available at NIST (2012).
[14] International Organization for Standardization, ISO/IEC 27005:2022 Information Security, Cybersecurity and Privacy Protection—Guidance on Managing Information Security Risks, ISO. Available at ISO (2022).
[15] R. A. Caralli, et al., Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process. Carnegie Mellon University, Software Engineering Institute. Available at SEI CMU (2007).
[16] A. Shukla, E. A. Solbakken, R. Steen, On the Cyber-Emergency Preparedness in a Resilient Organization, in: 33rd European Safety and Reliability Conference (2023). doi: 10.3850/981-973-0000-00-0.
[17] ISACA, COBIT 2019 Framework: Governance and Management Objectives. Information Systems Audit and Control Association (ISACA). Available at ISACA (2019).
[18] V. Astapenya, et al., Conflict Model of Radio Engineering Systems under the Threat of Electronic Warfare, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems, CPITS, vol. 3654 (2024) 290–300.
[19] T. L. Saaty, Decision Making with the Analytic Hierarchy Process, Int. J. Services Sci. 1(1) (2008) 83. doi: 10.1504/ijssci.2008.017590.
[20] H. Taherdoost, Decision Making using the Analytic Hierarchy Process (AHP); A Step by Step Approach, Int. J. Econom. Manag. Syst. (2017).
[21] B. Llamazares, An Analysis of the Generalized TODIM Method, European J. Operational Res. 269(3) (2018) 1041–1049. doi: 10.1016/j.ejor.2018.02.054.
[22] G. H. Tzeng, J. J. Huang, Multiple Attribute Decision Making: Methods and Applications, CRC Press (2011).
[23] Law of Ukraine on Critical Infrastructure, Verkhovna Rada of Ukraine. URL: https://zakon.rada.gov.ua/laws/show/
[24] Cabinet of Ministers of Ukraine, Certain Issues of Critical Infrastructure Objects: Resolution No. 1109 dated October 9, 2020. URL: https://zakon.rada.gov.ua/laws/
[25] M. Al Hadidi, et al., Adaptive Regulation of Radiated Power Radio Transmitting Devices in Modern Cellular Network Depending on Climatic Conditions, Contemporary Engineering Sciences, 9(10) (2016) 473–485.
[26] M. Zaliskyi, et al., Statistical Data Processing During Wind Generators Operation, International Journal of Electrical and Electronic Engineering and Telecommunications, 8(1) (2019) 33–38.
[27] O. Solomentsev, et al., Sequential Procedure of Changepoint Analysis during Operational Data Processing, IEEE Workshop on Microwave Theory and Techniques in Wireless Communications, MTTW (2020) 168–171.
[28] X. Hu, et al., Statistical Techniques for Detecting Cyberattacks on Computer Networks based on an Analysis of Abnormal Traffic Behavior, Int. J. Comput. Netw. Inf. Secur. 12(6) (2020) 1–13.
[29] O. Solomentsev, et al., Data Processing Method for Deterioration Detection during Radio Equipment Operation, IEEE Microwave Theory and Techniques in Wireless Communications, MTTW (2019) 1–4.
[30] Z. Hassan, et al., Detection of Distributed Denial of Service Attacks Using Snort Rules in Cloud Computing & Remote Control Systems, in: IEEE 5th International Conference on Methods and Systems of Navigation and Motion Control (2018) 119–122.
[31] I. Ostroumov, N. Kuzmenko, Statistical Analysis and Flight Route Extraction from Automatic Dependent Surveillance-Broadcast Data, Integrated Communications, Navigation and Surveillance Conference (2022).
[32] Y. Averyanova, et al., UAS Cyber Security Hazards Analysis and Approach to Qualitative Assessment, Lecture Notes in Networks and Systems, 290 (2021) 258–265.