-
Katya Emilova Kirilova
BUILDING A CONCEPT FOR CYBER SECURITY OF AN EDUCATIONAL ORGANIZATION IN BULGARIA
Abstract:
Background: The topic of cyber security of organizations is becoming more relevant for modern societies. In that area, both scientific research and practical applications of various platforms, technologies, and tools for guaranteeing security levels have undergone serious development in recent years. The research objective is to propose and approve an adequate model for ensuring the cyber security of an educational institution, based on a study of leading literature sources and the accumulated experience in the subject area. Methods: Different organizations adopt different approaches and apply different methods to create systemic conditions for ensuring cyber security. The methods used in the research are based on the specifics of the business processes that take place in the organizations. Based on them, the specifics of educational organizations are highlighted, which determine the creation of a relevant concept of cyber security with appropriate technological measures. Results: The concept proposed in the present study is based both on the current legal framework of the European Union and the Republic of Bulgaria, as well as on good practices and approaches in the subject area. The concept has been implemented and the presented results prove its usefulness for the educational organization. The period to which the empirical part of the study refers is 2022-2023. Conclusions: The main results of the study are in the direction of achieved monitoring of the external perimeter of the organization, implemented monitoring of user behaviour, risk management of information assets, and increased cyber security of the organization.
-
Serghei Ohrimenco, Dinara Orlova, Valeriu Cernei
CYBER THREATS MODELING: AN EMPIRICAL STUDY
Abstract:
The immediacy of this study is determined by the need to fight back against the modern cyber threats that arise in the process of building a digital economy. Countering various cyber threats in the activities of small and medium enterprises and firms is a serious problem. Its relevance is constantly increasing. This is due to a number of objective reasons, the main of which are the following.
Firstly, the globalization of economic processes, which leads to a situation where the technical, software and information component of the Information System (IS) is the same across all countries that are developed in terms of information.
Secondly, a significant change in the landscape of the IS threats themselves. It should be noted that the changes affected both quantitative and qualitative characteristics.
Malware, Network Scanning, Man in the Middle, Phishing, DNS Spoofing, Trojan Horses. These are just a few examples of cyber threats carried out against small and mid-sized businesses and government information systems every day.
The current condition of the information security system of governmental and commercial structures does not provide for the efficient resolution of up-to-date cybersecurity problems or the creation of confident interaction between critical infrastructure objects.
It should be assumed that there is a need to update the theoretical and methodological base and practical developments that can protect the rights and legitimate interests of the individual, business and the state from modern security threats and increase the level of security of our economy.
The article logically combines the study of the modern landscape of cybersecurity threats, the construction of an empirical model of security threats (with the allocation of a monetization block), and the demonstration of the results of processing statistical data characterizing the distribution of the frequency of occurrence of specific threats.
The paper aims to build an empirical model of cyber threats based on a study of a huge number of relevant literature sources and statistical data.
-
Rosen Ivanov Kirilov
DEVELOPMENT OF A METHODOLOGY FOR THE IMPLEMENTATION OF SECURE WEB APPLICATIONS IN BUSINESS ORGANIZATIONS
Abstract:
Background: Web application development is a difficult and complex task. The complexity is mostly expressed in the multitude of tasks that must be performed in the development life cycle. In today's environment, it is important that web applications prove their security and resilience in a changing cyber environment. For these reasons, web applications should meet a number of requirements in the process of their technological implementation, which is explored in the article. Methods: The methods used are related to a literature survey on the cyber security requirements of web applications and the characteristics of their life cycle. On this basis, basic key issues of vulnerability testing of developed systems in business organizations have also been studied. Results: As a result of the development of the methodology its main components have been tested in the development of web applications. The achieved application protection levels as a result of the implemented measures have been reported and analyzed. On this basis, some possibilities for improvement of the proposed methodological components are outlined. Conclusions: As a result of the studies and analyses basic conclusions have been drawn about the possibilities for developing and implementing secure web applications in business organizations.