METHODOLOGY FOR ASSESSING INFORMATION SECURITY RISKS IN A FINANCIAL INSTITUTION
DOI: https://doi.org/10.31891/2219-9365-2025-84-14
Keywords: risk assessment, CRAMM, RiskWatch, qualitative analysis, quantitative analysis, confidentiality, integrity, availability
Abstract
The relevance of this study lies in the need to give particular attention to information security risks in financial institutions. That need follows from the high value of the information assets such organizations hold, and it is heightened by the presence of clients' personal data: unauthorized access to such data can, in turn, enable illicit access to financial resources.
The information used in the operations of financial institutions therefore requires enhanced protection to preserve its key properties: confidentiality, integrity, and availability. To date, however, there is no standardized methodology for information security risk analysis and assessment that is mandatory for all financial institutions. The existing and widely applied methodologies (for example, CRAMM and RiskWatch) are largely generic: they were designed for organizations across many economic sectors and do not take into account the distinctive characteristics and operational context of each institution. There is thus a clear need for a sector-specific methodology for analyzing and assessing information security risks in finance, grounded in existing international standards.
This article addresses the analysis of information security risks, with particular attention to risks in financial organizations. The topic warrants special consideration because such institutions operate primarily with clients' personal data, possession of which may provide access to financial resources, and because every financial institution is obliged to protect the client data it stores and to maintain banking confidentiality. At present there is no standardized methodology for analyzing and assessing information security risks designed specifically for financial organizations. This study therefore proposes a dedicated methodology for such institutions, developed on the basis of existing standards and established approaches to building information protection systems within enterprises.
License
Copyright (c) 2025 Віра ТІТОВА , ЮРІЙ КЛЬОЦ , КОЛБА КОЛБА , Дмитро СИРОТЕНКО , Костянтин РИКУН

This work is licensed under a Creative Commons Attribution 4.0 International License.