Ruslan HRYSHCHUK, Serhii YEVSEIEV, Alexander SHMATKO
CONSTRUCTION METHODOLOGY OF INFORMATION SECURITY SYSTEM OF BANKING INFORMATION IN AUTOMATED BANKING SYSTEMS
The monograph presents modern methodology of building information security systems of banking information systems. The methodology is based on a new concept of building a threat model, constructed on synergistic principles. As a result, for the first time a three-tier security model of strategic management of banking information technologies has being built for the automated banking system. This system takes into account threats of cybersecurity, information security and threats for the security of banking information at the same time.
Special attention should be given to the methods proposed in the monograph to ensure the confidentiality, integrity and authenticity of information in banking information systems. In contrast to the known ones, the proposed methods are built on hybrid cryptographic structures with redundant codes. Principles of the methods are mathematical models of hybrid cryptocodic constructions with using asymmetric crypto-modified McEliece and Niederreiter codes and modified geometric codes.
The book is full of applied examples that confirm the validity of the developed methods and the adequacy of the proposed models.
In this way a comprehensive solution has been proposed from a systemic position on the base of a synergistic approach, to ensure the information security of banking information systems. The proposed methodology opens up the new methods to building security systems for the critical information infrastructures of the state and business which is new in terms of security and a rational in terms of money spent
The results are proposed to be used at planning measures to ensure the information security of automated banking systems for minimization of risks from new threats to the security of banking information.
The monograph will be useful for researchers and applicants for scientific degrees, and can also be used by students during training to raise awareness of information and cybersecurity issues of modern information technologies.