01879nas a2200217 4500000000100000000000100001008004100002260001200043653002500055653002200080653003200102653002800134100001900162700002000181700002300201700002500224245011200249300001100361490000700372520128200379 2020 d c12/202010aexpected loss levels10aexpert assessment10ainformation system security10amulti-criteria approach1 aOlha Izmailova1 aHanna Krasovska1 aKateryna Krasovska1 aVolodymyr Zaslavskyi00aAssessing the Variety of Expected Losses upon the Materialisation of Threats to Banking Information Systems a89-1180 v453 a
The article addresses the problem of estimating the expected losses of a bank when information security threats to functioning computer systems materialize. A scenario approach to solving the problem is developed based on multi-criteria decision-making methods, taking into account quantitative and qualitative indicators and expert assessment, and applying the analytic hierarchy process for comprehensive assessment of expected losses in probabilistic terms. That allows to take into account different levels of the hierarchy of criteria and the weight of their impact on the calculated results. The process of estimating the probability of materialization of various threats under accepted standards and situational conditions, the actions of the attacker and the consequences on the bank's functioning is formalized. Expert assessments are grouped with control over the sufficiency of the degree of logic and dispersion of opinions of each expert, compliance with the established requirements for the degree of consistency of opinions of the group of experts, assessment and formalized consideration of the degree of their competence. The process of assessing expected losses is presented as a daily business process of the functioning of the bank's security system.