Next Article in Journal
Design and Development of Technical Solution for NFC-Based Self-Management Therapy in Actual Oncology Treatment
Previous Article in Journal
Data-Decoupled Scattering Imaging Method Based on Autocorrelation Enhancement
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:

Cyber Security Risk Modeling in Distributed Information Systems

Department of Cybersecurity and Information Protection, Taras Shevchenko National University of Kyiv, 01-601 Kyiv, Ukraine
Department of Intelligent Technologies, Taras Shevchenko National University of Kyiv, 01-601 Kyiv, Ukraine
Department of Automation and Robotic Systems, National University of Life and Environmental Sciences of Ukraine, 03-041 Kyiv, Ukraine
Department of Mechanics and Agroecosystems Engineering, Polissia National University, 10-008 Zhytomyr, Ukraine
Department of Production Engineering, Logistics and Applied Computer Science, University of Agriculture in Krakow, 30-149 Krakow, Poland
National Academy of Applied Sciences in Przemyśl, 37-700 Przemysl, Poland
Department of Energy Saving Tehnologies and Energy Menagement, Educational and Scientific Institute of Energy, Higher Educational Institution “Podillia State University”, 32-316 Kamianets-Podilskyi, Ukraine
Department of Agronomy, Modern Technologies and Informatics, International University of Applied Sciences in Lomza, 18-402 Lomza, Poland
Authors to whom correspondence should be addressed.
Appl. Sci. 2023, 13(4), 2393;
Submission received: 11 January 2023 / Revised: 4 February 2023 / Accepted: 8 February 2023 / Published: 13 February 2023


This paper deals with problems of the development and security of distributed information systems. It explores the challenges of risk modeling in such systems and suggests a risk-modeling approach that is responsive to the requirements of complex, distributed, and large-scale systems. This article provides aggregate information on various risk assessment methodologies; such as quantitative, qualitative, and hybrid methods; a comparison of their advantages and disadvantages; as well as an analysis of the possibility of application in distributed information systems. It also presents research on a comprehensive, dynamic, and multilevel approach to cyber risk assessment and modeling in distributed information systems based on security metrics and techniques for their calculation, which provides sufficient accuracy and reliability of risk assessment and demonstrates an ability to solve problems of intelligent classification and risk assessment modeling for large arrays of distributed data. The paper considers the main issues and recommendations for using risk assessment techniques based on the suggested approach.

1. Introduction

Information security management has an increasingly important place in the operation of almost any organization that uses modern technologies for collecting, storing, and processing information [1]. This process is based on the periodic analysis of information risks, which allows for the identification of security threats and information system vulnerabilities and the implementation of appropriate measures to neutralize them. As a result, the state of information security in the organization is constantly monitored for new threats and vulnerabilities [2].
The information security (IS) risk management process should be continuous considering the external and internal circumstances of assessing the identified IS risks [3]. Classical approaches for assessing IS risks are based on statistical and expert assessment methods that do not fully provide the required accuracy and reliability for obtaining results, especially when used in complex multicomponent systems [4,5]. Due to the limitations of a quantitative approach to assessing IS risks, as a rule, a qualitative approach is applied based on ranking threats and associated IS risks according to their threat level [6,7]. Risk assessment allows us to identify possible threats and vulnerabilities, and accordingly determine the potential impact.
This study aims to explore the opportunities of using intelligent models for the assessment of IS risks. The paper proposes a complex method of IS risk assessment based on the analysis of metadata and metrics that characterize the distributed information system. The approach proposed in this paper is based on decision tree models [8] and solves the problem of intelligent events classification and modeling the assessment of IS risks for large data sets [9]. This allows for a comprehensive assessment of IS risks in any sized infrastructure or information assets without being tied to a specific information platform, network equipment, or software and hardware.

2. Literature Review and Problem Statement

2.1. Research Background

Every business is regularly exposed to the risk of unexpected, unpredictable information security events that can cause financial losses and significant damage to a company’s infrastructure or reputation. The risk management process reduces both the likelihood of potential security incidents and their impact on existing business processes. Effective risk management is aimed at optimizing the company’s success (including financial success) by minimizing threats [10,11,12,13].
According to the Deloitte research “Cyber risk reporting in the UK 2016”, 87% of companies consider cybersecurity risks a key factor in strategic business process planning (Figure 1). At the same time, the main areas today are the risks associated with cybercrime and information security threats (over 72% of respondents consider them a priority), data theft (33%), protection of confidential information (59%), and failure of IT infrastructure elements (71%) [14].
Literature review in this area has shown that risk assessment is one of the most difficult and urgent tasks in the process of information security management. There are no generally accepted approaches and methods for risk assessment [15,16,17,18]. Also, the risk assessment procedure is a time-consuming task. Performing the analysis manually, using office tools, is almost impossible due to the large amount of information for processing and the high probability of obtaining weak results.
Modern risk management techniques are based on the use of the probability of threats, damage, and vulnerabilities. However, in most cases, information security experts conduct the assessment in the form of verbal formulations and then associate them with numerical values, using their own experience. This method of obtaining risk assessments significantly limits the possibilities of the methodology in general, as risk factors (threat, vulnerability, and damage) are analyzed using heuristic methods, resulting in different data if the examination was conducted by different experts. Therefore, confidence in the expert’s assessment may be debatable [19].
On the other hand, most risk analysis methods today focus on calculating only technical vulnerabilities, which does not allow for adequately assessing the economic aspects of the impact (Figure 2) [20]. Marsh and Microsoft’s 2022 Global Cyber Risk study is currently underway [21].
Another problem that risk experts may face is the complexity and large infrastructures of modern organizations and the widespread implementation of distributed information systems. Even for a medium-sized company, the number of assets can reach tens of thousands. And this in turn creates problems associated with the analysis of information resources of the organization and data aggregation from different sources in conditions of data allocation and general functional distribution. Moreover, information systems have a distributed architecture consisting of a large number of components. Collection and analysis of metadata and metrics about their work significantly complicate the process of risk analysis. Modern techniques are slow and do not provide the desired result. The evaluation process takes a long time, which is accompanied by a rapid loss of relevance [22].
Research in the field of risk management was carried out by Ukrainian and Polish researchers A. Trihuba, T. Hutsol, M. Kubon et al. [23,24]. The study [23] concerns stakeholder risk management in integrated projects of the European Green Deal. The article substantiates the need to develop tools (models, methods, and algorithms) for quantitative risk assessment of each type of project (e.g., agricultural waste and their components and justification of risk response).
The article [24] is devoted to planning and risk analysis in projects for the procurement of agricultural raw materials for the production of environmentally friendly fuel.
Australian researchers [25] have proven that business improvement and the efficiency of project processes in various areas can be achieved by managing risks, costs, uncertainty, and requirements in the early stages of a project.
These studies have become important achievements that can be used as tools for managing technologically integrated projects, including modeling cybersecurity risks in distributed information systems for various applications.
Despite wide distribution and popularity, the state of development of this topic in world science remains quite low. Classical approaches to evaluation, which are covered in the relevant literature, do not provide the desired effect in the analysis of large data sets and are more conceptual in nature. At the same time, almost no attention is paid to modern techniques based on the application of the neural network approach and intelligent models of risk assessment. Today, more and more companies are resorting to implementing an approach to information security management using intelligent models combined with expert assessment methods, which demonstrates excellent results in the context of rapidly changing IT threats.

2.2. Distributed Information Systems Overview

According to Andrew S. Tanenbaum, there is no generally accepted and strict definition of a distributed system [26,27,28] The key parameter defining a distributed system is the separation of its functions among several computers. With this approach, distributed IS are geographically spread systems consisting of interacting computers and terminals connected by data transmission channels. A distributed system is much larger and more powerful than typical centralized systems due to the combined capabilities of distributed components. Examples of distributed systems include computer networks, distributed databases, real-time process control systems, and distributed information processing systems.
Key characteristics of distributed systems are as follows.
  • Resource sharing
  • Openness
  • Transparency
  • Concurrency
  • Scalability
  • High performance
  • Reliability
  • Fault Tolerance
At the same time, distributed systems have some disadvantages and weaknesses.
  • Increased system response time
  • Difficulty controlling remote elements
  • Difficulty to develop, debug and use
  • Additional efforts to ensure information security
Such systems are characterized by functioning under random factors, negative influences of various natures, active interaction with the external environment, and costly consequences of possible violations or errors in work. The organization of cybersecurity risk assessment in distributed systems involves solving a set of problems related to functional distribution and hierarchy, a high degree of parallelization of resources, and an almost complete absence of centralized management. Thus, the scientific and applied task of studying cybersecurity risk assessment models in DIS is relevant today and requires in-depth research.
Examples of practical implementation of distributed information systems in agriculture, energy, and financial sectors are described in many studies by Ukrainian researchers, e.g., N. Kiktev, V. Osypenko, V. Kraevsky et al. [29,30,31,32]. In [29], software was developed for a distributed information system for diagnosing the quality of electricity consumers using cloud technologies. The synchrophasor technology (ST) used is usually the use of input from the synchrophasor PMU for monitoring. Energy facilities are vulnerable to various cyber attacks, moreover, they often represent critical infrastructure. According to statistics, in just one month of 2021 in Ukraine, 19% of industrial systems were subjected to various types of attacks. Threats were primarily associated with network attacks and attacks on user workstations. In 2016, a successful attack was carried out on the Severnaya substation, then the entire control system went out of order and most of Kyiv was de-energized [33]. The most dangerous are attacks on nuclear facilities, including nuclear power plants. In 2009, the Stuxnet worm got into the network of one of the Iranian nuclear plants through a flash memory and modified the control software so that the calibrating program failed and the centrifuge went into resonance and went out of order, thus sabotaging the entire nuclear program [33].
Distributed intelligent information systems include multi-agent robotic systems described in studies by Russian [34,35,36], Ukrainian [37,38], and Malay [39] researchers. Robotic systems have their own information security risks. Nearly 50 vulnerabilities have been discovered in the code of industrial robots and cobots. These vulnerabilities can be used to harm employees or for espionage. The units can be controlled remotely by changing the configuration, for example, especially in the case of an installed camera and microphone. At the same time, industrial espionage and changing security settings are possible, allowing cobots to leave restricted areas and turn off sensors that might be turned off when it comes into contact with people.
Most modern technologies are connected via the Internet and can be controlled via phone. Therefore, they are easy to hack. It is believed that any device and software that is connected to the Internet is considered vulnerable to hacking.

2.3. Risk Assessment Process in Distributed Information Systems

Nowadays, any organization under the adopted information security policy must regularly assess the risks and threats to the data for which it is responsible.
According to the analysis, entrepreneurs can classify their systems (servers, endpoints, applications, etc.) according to the category of risk of potential security incidents. The risk assessment process involves an iterative approach and includes three main groups of activities—the collection of data and policies, risk assessment based on their analysis, and the stage of decision support (Figure 3) [40,41,42].
The main stages of risk analysis and management are as follows:
  • defining the boundaries of the system and risk assessment methodology;
  • identification and evaluation of information resources of the system;
  • identification of threats and assessment of the probabilities of their implementation;
  • risk identification and choice of remedies;
  • and remedies applying and residual risk assessment.
The main purpose of risk management is to maintain the risks at an acceptable level for the organization. Many companies prefer to finance the prevention measures while neglecting risk assessment, processing, response planning, and other aspects of risk management.
The analysis of IS risks allows us to determine the necessary and sufficient set of information security tools, choose the appropariate methodology and organizational mechanisms to reduce IS risks, and, as a result, allows us to ensure the process of building the most effective information security management system (ISMS) [43].

2.4. Core Standards and Guidelines

Nowadays, each progressive country is developing several standards in the field of IS risk analysis and assessment.
These are primarily international and national standards for risk management—ISO/IEC 31000, COSO II, FERMA, KING II, information security assessment and management—ISO/IEC 27001, ISO/IEC 27005: 2018, ISO/IEC 17799, BS7799, NIST 800-30, BSI-Standard 200-3, ISO/IEC 15408, and auditing standards that reflect information security issues—COBIT, SAS 55/78, SAC, etc.
However, most standards are conceptual and provide recommendations without a clear explanation of how to implement security measures, which encourages companies to develop their methods and approaches to assessing IS risks (Figure 4) [44,45,46,47,48,49]. This is caused by the fact that the existing approaches and methods are general, based on statistical evaluation, and do not provide the desired result.
After reviewing modern approaches to risk assessment and management and analyzing the existing regulatory framework, we can conclude that the problem of analysis and assessment of information risks in distributed systems as an important part of the information security management system, serves as the main mechanism for security incident prevention and plays an important role in justifying decisions not only of a strategic nature but also at the stage of short-term planning.

2.5. Main Approaches to Risk Assessment

There are two main approaches to risk analysis—qualitative and quantitative [50,51,52].
  • Quantitative risk analysis is a numeric estimate of the overall effect of risk on the project objectives, such as cost and schedule.
  • Qualitative risk analysis prioritizes the identified project risks using a pre-defined rating scale and involves identifying threats and the potential impacts if they do.
The most attractive, at first glance, is a quantitative approach that allows comparing the security of different systems using numerical scale and mathematical representation of found values, but its implementation is complicated for a few reasons and limitations [53,54]
In this regard, a qualitative approach is currently used for risk analysis. It provides a simple ranking of threats and associated risks according to their severity. Probability data is not required and only estimated potential loss is used. Most qualitative risk analysis methodologies use several elements: vulnerabilities, threats, and controls. This is the most widely used approach to risk analysis in distributed systems nowadays [55]
The article [56] presents a systematic review of mapping (SMR) tools that automate the cybersecurity risk assessment step based on research published between 2012 and 2020. The paper provides an update on the automation of the risk assessment phase. In addition, variables are identified that are taken into account by models of international organizations: ISO, NIST, OWASP, etc. The model helps to assess risks, regardless of the size of the organization, and takes into account the opinions and improvements provided by cybersecurity experts. However, this paper does not present the other risk management steps (risk treatment, monitoring, and analysis) that will be needed to develop new cybersecurity risk management models.
The article [57] considers the cyber risks of a critical transport infrastructure implemented using IoT technology, which can become a target for many threats due to its cyber-physical nature. The new approach uses decision scales and importance indices to help stakeholders assess the level of vulnerability, the source of the threat, and the physical impact. Monte Carlo simulation results have shown that IoT-enabled transport infrastructure is prone to cyber-physical attacks when a threat source can physically access IoT devices, resulting in high levels.
In the article [58], the authors present a generic configurable SCADA system dependency model that captures complex dependencies within a system and facilitates targeted risk assessment. The model was developed by collecting and analyzing dependencies in the SCADA system from 36 experts in the field. The authors demonstrated how dependency modeling can be used for risk assessment using the example of a SCADA system for water distribution. However, there is no comparison of SCADA DM with other emerging target models of the SCADA system.

2.6. Disadvantages of Classical Approaches

Classical approaches based on statistical or expert assessment methods do not provide sufficient accuracy and reliability in risk assessment.
The disadvantages of classical approaches are as follows:
  • insufficient accuracy and reliability of the assessment;
  • difficulty in assessing damage to intangible assets (reputation, the confidentiality of information, ideas, business plans, staff health, etc.);
  • depreciation of the results of long-term quantitative risk assessment due to constant modification and reconfiguration of the automated system;
  • difficulty in assessing indirect losses;
  • and lack of reliable statistics in the rapidly changing IT world.
Moreover, if, for example, 20 years ago the problem of collecting and aggregating system metrics and metadata about information assets was acute due to the imperfection of existing methods and the lack of necessary logging mechanisms, today, with the growing popularity of SIEM systems, we face the problem of analyzing large distributed data sets promptly and actively responding to potential threats on information security. It is necessary to make operational decisions in conditions of rapidly changing technology and the emergence of new threats [59].
Risk assessment and prediction of potential threats in these conditions require a dynamic multifactor analysis of the system’s distributed metadata in real-time using an intelligent models approach.

3. The Aim and Objectives of the Study

Thanks to the methods of information theory it is possible to form and calculate fairly accurate parameters that reflect the degree of security of any object or system. However, a comprehensive assessment of the degree of protection often has to use expert methods to assess those parameters that cannot be calculated using a theoretical and informational approach. The necessary conditions for the use of intelligent models are uncertain due to the lack of information on the complexity of the system, as well as little available, quality information about the system [60].
This research aims to increase the efficiency of cybersecurity risk assessment in DIS by developing a methodology for determining the risk of critical information security incidents based on a dynamic multifactor analysis of distributed information system metadata using intelligent assessment models. To achieve this goal, the following research objectives are set:
  • Analysis of existing methods and approaches to risk assessment and identification of their advantages and disadvantages.
  • Analysis of the possibility of applying different methods of intelligent assessment for tasks related to determining the risk of critical information security incidents in distributed information systems.
  • Simulation modeling of the process of calculating the level of IS risk based on the dynamic, multifactor analysis of distributed metadata and metrics of the information system.
  • Creation of a scalable risk assessment methodology for any information assets without reference to a specific platform, network equipment, or software, which will conduct a comprehensive risk assessment for the infrastructure of any size, regardless of the number of information assets.
  • Development of an analytical software module that provides a dynamic, comprehensive, and easily scalable approach to the evaluation of multifactor data of the information system and can be integrated into appropriate information security monitoring systems.
To achieve this, the authors used simulation methods for calculating the level of IS risk using intelligent assessment models, Decision Tree algorithm, and Scikit Learn library toolkit, and research of information system metadata and methods of their intelligent analysis.

4. Materials and Methods

Solving the problems of information security that exist in modern systems is not limited to a technological approach [61,62,63]. This process requires the creation of a structured assessment methodology for the implementation of preventive measures that will be effective in reducing risks regardless of the environment of the studied object [64,65,66].

4.1. Requirements for the Evaluation Method

The proposed method of risk analysis should provide a comprehensive approach to assessment based on a multifactor study of all distributed indicators and parameters that could potentially affect the security of the information system. It should include the analysis of metadata and system metrics of various kinds coming from all available data log sources and provide a dynamic calculation of the level of risk in real time for each network asset [61].
The developed method should solve the following tasks:
  • Provide a scalable solution for comprehensive risk assessment of infrastructure of any size, regardless of the number of network assets.
  • Conduct a dynamic, multifactorial, and holistic analysis of distributed metadata and metrics of the information system, which will solve the problem of incomplete information about the components of risk and the studied system in general.
  • Ensure unification and standardization of the analysis process for the valuation of any network information assets without reference to a specific platform, network equipment, or software.
  • Maintain the relevance of the analysis results by reducing the duration of the evaluation process.
  • Solve the problem of data aggregation from different sources.
  • Rely on intellectual evaluation for continuous improvement of results, rapid adaptation, and identification of new risk vectors.

4.2. Criteria for Risk Criticality

The following criteria for risk criticality can be identified.
Low-risk level
  • The system processes and/or stores public data that is shared.
  • The system is easily restored and reproduced.
  • The system provides a non-critical information service.
Moderate-risk level
  • The system processes and/or stores non-public data or data with limited access.
  • The system is internally trusted by other network systems.
  • The system provides a normal or important information service.
High-risk level
  • The system processes and/or stores confidential information.
  • The system provides a critical information service or information service of a comprehensive nature.

4.3. Choosing the Method of Intellectual Evaluation

A comparative analysis of cyber risk assessment methods is given in [67]. The authors tested the same data set with different methods using different classifiers (naive bayes, logistic, multilevel perceptron, SMO, Ibk, AB, OneR, PART, J48, and random forest). The results obtained in this work show that tree-based machine learning methods may be suitable for the task of thread-based intrusion detection, showing better classification speeds than other more complex algorithms, and requiring less execution time (allowing several hundred thousand threads/s for processing). In this regard, the Decision Tree method was chosen to solve our problem and assess security risks.
Decision trees are a decision support tool widely used in data mining, mathematical statistics, and machine learning. This is a complex algorithm suitable for regression and classification problems. It is considered to be one of the most useful machine learning algorithms of supervised learning, as it can be used to solve a variety of problems. It is easy to understand, fast (because it uses only one function per node to share data), and unlike other machine learning algorithms, works effectively with nonlinear data, which is ideal for the multifactor analysis of distributed metadata (Figure 5).
Also, decision trees can process both numerical and categorical data and do not require pre-processing. The algorithm allows for assessing the reliability of the model and easily explaining the result using simple boolean logic, as well as easily visualizing the results. But one of the most important advantages is the ability to work with a large amount of information without special training procedures, which is perfect for analyzing metrics of distributed systems.

4.4. Development of Assessment Methodology

To make the right and balanced decision, information system risks must be correctly identified and assessed in terms of the damage they can cause and the probability of their occurrence. The loss analysis determines the degree of risk impact on the company’s IT assets and the business processes they support. The assessment may be based on the identification and analysis of vulnerabilities inherent in IT assets and threats that can be implemented through the exploitation of these vulnerabilities. Thus, risk assessment includes the identification of assets, vulnerabilities, threats, their probabilities, and consequences.
The developed assessment methodology is presented as a diagram in Figure 6.
A threat and vulnerability assessment must be performed for each network asset.
Threat identification (Figure 6, block 1) is a process of finding all the factors that can damage the assets of the organization. Threats can be accidental or intentional in nature and have a natural or human origin. After identifying the source of the threat and the objects to which it applies, it is necessary to assess its probability on a quantitative or qualitative scale (high, medium, or low probability) [68,69,70,71].
Within the proposed approach threat assessment is performed using the Classification Decision Tree algorithm (Figure 6, block A) and correlated to the global knowledge base of adversary tactics, techniques, and procedures—MITRE ATT&CK Matrix (Figure 6, block B).
T = f 1 ( x 1 , x 2 , x n ) ,
where x i —distributed metadata and metrics of the information system, i = 1, and n—Suspected Threat Number.
Identification of vulnerabilities (Figure 6, block 3) includes the identification of weaknesses in the protection system that can be used by the source of threat to damage assets. Vulnerabilities can be both technical (hardware, software, system configuration, communication equipment, physical environment, etc.) and organizational (management; personnel, business processes, and procedures). The vulnerability itself does not cause harm, as it requires a threat that can exploit it. The result of this step should be a list of vulnerabilities with an assessment of the ease of use of each vulnerability on a quantitative or qualitative scale.
The “Vulnerabilities” metric is used to assess vulnerabilities within the proposed approach. It shows the number of vulnerabilities found for a given network asset. The information is retrieved from the QRadar Vulnerability Manager (Figure 6, block E) and generated based on the results of the OpenVAS scanner (Open Vulnerability Assessment System).
V = f 2 ( x v ) ,
where x v —“Vulnerabilities” metric.
Asset identification (Figure 6, block 2) is a process related to the inventory of all resources of the organization, the determination of the value of these assets, and the assessment of their impact. At this step, the assets are classified by priority in terms of their importance for the company’s business objectives and the cost of recovery.
At the stage of asset valuation, it is necessary to normalize the structure of the network and select the most important segments with a greater weight coefficient (where the level of potential losses (Figure 6, block D) during threat implementation is higher). The main parameter that allows assessing the criticality of the asset for the infrastructure is the metric “Type”,
A = f 3 ( i = 1 7 a i ) ,
a 1 —criticality;
a 2 —sensitivity;
a 3 —fault tolerance;
a 4 —reproducibility;
a 5 —quantity;
a 6 —quality;
a 7 —economic value
Primary importance for companies has such assets as servers, POS terminals, and other critical infrastructure listed in Table 1.
At this stage, it is necessary to develop a scale measuring the importance of information resources (Figure 6, block C), which will take into account the weighting factor that reflects the potential loss in the case of a threat implementation for a particular information asset.
The calculation must be performed for each network asset. It should be noted that when assessing the resulting level of risk, the scales for different assets will differ [ [63,72,73]. This step involves the construction of risk matrices for each type of resource, according to which the assessment of risk level will take place (Figure 7).
When all input parameters are collected and analyzed, an assessment of the resulting risk score R is performed. It is calculated as a function of the input parameters and is the sum of the expected adverse effects that may occur provided that the threat will be realized due to the exploitation of the existing asset vulnerability:
R = F ( T , V , A ) ,
R —risk level;
T —threat assessment;
V —vulnerability assessment;
A —asset valuation.

4.5. Model Input

The input data of the model is a set of distributed metadata and metrics of information systems from IBM QRadar SIEM and additional monitoring resources (Table 2):
QRadar API-Reference Set;
QRadar API-Reference Map;
QRadar API-Reference Table;
QRadar API-Reference Map of Sets;
QRadar API-Vulnerability Manager;
QRadar API-Network hierarchy;
QRadar API-User Behavior Analytics (UBA);
QRadar API-Searches;
QRadar API-Offences;
QRadar API-Log Sources;
Active Directory-QRadar Reference Table with LDAP exported content (using the «Reference Data Import—LDAP» app);
McAfee ePolicy Orchestrator;
CMDB sync;
At this stage, the most important parameters that characterize each of the elements of a distributed system are identified and their relationship is analyzed.

4.6. Model Training

The practical implementation of the analytical module is based on the Scikit Learn library toolkit. The result of the simulation is the construction of a mathematical model that can predict the level of threats to a particular information asset based on various network metrics [74,75].
A dataset with 13,520 records was used to train the neural network component. The initial number of analyzed metrics is 235. Using principal component analysis, 67 informative parameters were identified. These are the predictors based on which the target attribute is calculated.
The initial dataset was divided into a data set for training (75% of the initial) and a data set for testing (25%). The piloting data is a numerical matrix of dimension m × (n + 1), in which the number of rows m corresponds to the size of the training sample, the first n columns—the value of the input variables of the model, and the last—the value of the output variable.
Although there are no formal recommendations for the number of rows of the test sample matrix, it is assumed that the quality of learning of the neural network and, consequently, the accuracy of the results obtained is proportional to the size of the training sample. As for the number of columns, in our case, for the analysis of the level of threats, it is 68 at the initial stage and changes dynamically depending on the number of categorical metrics, the number of which increases proportionally with an increasing volume of the training set.
A fragment of the test (or pilot) sample is shown in Table 3.
For some informative parameters, it is necessary to carry out post-processing and their presentation for model learning because the Scikit Learn toolkit for building neural networks cannot accept input of categorical (text) format and further process them. Most metrics are categorical, so at this stage they need vectorization.

4.7. Solution Adequacy Check

To confirm the adequacy of the proposed solution, we calculated the accuracy score of the neural network component and constructed the confusion matrix to visualize the performance and efficiency of the classification algorithm (Figure 8).
The confusion matrix, when classified into 3 classes (Low, Medium, and High) has a dimension of 3 × 3. The expected and actual results are the same in such cases: Low/Low—16 times, Medium/Medium—3 times, and High/High—1 time. False classification is observed in such cases: Low/Medium—4 times and Medium/High—1 time; other options are not observed in this example.
The model accuracy score is calculated based on the ratio of correct results to the total number: (16 + 3 + 1)/25 ∗ 100% = 80%.
It can be concluded that the model is well suited to describe real processes occurring in the system, as its accuracy is 80%.
It was found that the depth of the constructed decision tree is 6, and the number of possible end nodes is 11 (Figure 9).
After analyzing the graph, it is possible to estimate which metrics of the distributed system are the most informative and have the largest contribution to the indicator of threats level indicator and as a result the associated value of the level of risk. To conclude, the most important attributes for determining the resulting score are such metrics as the last login date, operating system type, and last scan or mapping date.

5. Results

This paper contains a structured comprehensive overview of existing approaches and modern methods of risk assessment, a description of the risk management process, as well as a review of international standards and methodologies in this field.
During the research, we developed a complex scalable method for determining the risk of critical information security incidents based on dynamic multifactorial analysis of distributed information system metadata and metrics. The proposed approach uses an intelligent assessment model based on the Decision Tree classification algorithm and provides a dynamic assessment methodology for any information assets without reference to a specific platform, network equipment, or software, which allows for conducting a comprehensive risk assessment for the infrastructure of any size, regardless of the number of information assets.
In the paper, we compare and analyze the strengths and weaknesses of existing risk assessment approaches and propose a new risk assessment model that sufficiently addresses all the characteristics of distributed information systems, which did not appear in the existing models. The developed solution provides a multifactorial and holistic analysis of distributed metadata and metrics from different log sources, which will solve the problem of incomplete information about the components of risk. Moreover, it relies on intellectual evaluation for continuous improvement of results, rapid adaptation, and identification of new risk vectors.
The proposed algorithm is simple in structure and easy to implement. It provides information security analysts with objective information to make informed decisions in the context of ensuring the security of distributed information systems.

6. Discussion of Results

The developed analytical software module can be integrated into the relevant information security systems and recommended for use in corporate networks for basic analysis of IS risks, as well as for assessing the effectiveness of the information protection system.
The scope of further research includes the improvement of the developed algorithm to improve the accuracy of forecasting, the use of Tree Pruning methods to eliminate the effect of overfitting and reduce the size and complexity of the constructed model, as well as the use of intelligent risk assessment models for the developed methodology.
To prepare for a potential attack, organizations must constantly assess their risk profile, make recommended corrections, and actively improve their defense system [76].
Conducting regular assessments allows us to identify cybersecurity risks on time and act to process, manage, and respond to identified threats [77].
However, this process is complicated by the functional distribution and complexity of distributed information systems. Risk assessment and prediction of potential threats in these conditions can be performed using dynamic multi-factor analysis of the system’s distributed metadata with an intelligent models approach.
Note that this study is one of the possible options for assessing cyber risks in information systems. In the literature of recent years, there are projects implemented using other methodologies for risk assessment—the Monte Carlo method [78], Bayesian networks [79] etc. Since the tasks being solved in those works are different, comparing their results to our work does not make sense. In subsequent works, we plan to carry out a risk assessment for one data set using various methods in information and control systems for various purposes [80,81,82] and analyze the result.

7. Conclusions

The theoretical result of the study is to prove the effectiveness of the Classification Decision Tree algorithm in the tasks of dynamic, multivariate analysis of distributed metadata systems using the evaluation of intelligent models. The practical result is the implementation of the developed assessment methodology in the form of a software module, achieving an integrated and multi-level approach to modeling cyber risks in distributed environments and having a number of significant benefits compared to classical approaches.
The result of the study include the following:
  • Existing methods and approaches to risk assessment are analyzed, and their advantages and disadvantages are identified.
  • The possibilities of using various methods of intellectual assessment for tasks related to determining the risk of critical information security incidents in distributed information systems are analyzed.
  • Simulation modeling of the process of calculating the level of IS risk based on a dynamic, multivariate analysis of distributed metadata and information system metrics was performed.
  • A scalable methodology for risk assessment of any information assets has been created without being tied to a specific platform, network equipment, or software, which will allow for a comprehensive risk assessment for the infrastructure of any size, regardless of the number of information assets.
  • An analytical software module has been developed that provides a dynamic, comprehensive, and easily scalable approach to assessing the multi-factor data of an information system and can be integrated into relevant information security monitoring systems
The effectiveness of the proposed solution is 80%, which demonstrates a high level of accuracy of the model in the tasks of intelligent evaluation and classification. In addition, it takes into account a wide range of metrics (67 informative parameters for a dataset with 13,520 records), which allows us to fully assess the state of security of information assets in view of ensuring the main properties of information (confidentiality, integrity, and availability), has correlation to MITRE ATT&CK and CVE, and has full compliance with core standards and guidelines in the field of IS risk analysis and assessment (ISO/IEC 27001, ISO/IEC 27005: 2018, NIST 800-30, etc.).
Despite the heterogeneous nature of the input data, the work results demonstrate excellent performance indicators and can be recommended for use in operating conditions in distributed systems, for learning and modeling purposes in further research, and also implemented in information protection systems of the corporate segment for basic risk evaluation and assessment.

Author Contributions

Conceptualization, D.P. and T.B.; Methodology, A.B. (Andrii Bigdan) and T.H.; Data curation, A.B. (Andrii Bigdan) and N.K.; Formal analysis, N.K. and H.H.; Resources, S.T. and O.G.; Software, D.P., M.K. and A.B. (Andrze Borusiewicz); Project administration, N.K.; Supervision, T.H. All authors have read and agreed to the published version of the manuscript.


Financed from the subsidy of the Ministry of Education and Science for the Hugo Kołłątaj Agricultural University in Kraków for the year 2023.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.


The National Centre for Research and Development as Programme Operator of the Programme ‘Applied Research’ implemented under the European Economic Area Financial Mechanism (EEA FM) 2014–2021 and the Norwegian Financial Mechanism (NMF) 2014–2021 announces Scheme: Support for Ukrainian Researchers under Bilateral Fund.

Conflicts of Interest

The authors declare no conflict of interest.


  1. Bhatti, B.M.; Mubarak, S.; Nagalingam, S. Information Security Risk Management in IT Outsourcing—A Quarter-century Systematic Literature Review. J. Glob. Inf. Technol. Manag. 2021, 24, 259–298. [Google Scholar] [CrossRef]
  2. Pan, L.; Tomlinson, A. A systematic review of information security risk assessment. Int. J. Saf. Secur. Eng. 2016, 6, 270–281. [Google Scholar] [CrossRef]
  3. Semin, V.G.; Shmakova, E.G.; Los, A.B. The information security risk management. In Proceedings of the 2017 International Conference “Quality Management, Transport and Information Security, Information Technologies” (IT&QM&IS), St. Petersburg, Russia, 24–30 September 2017; IEEE: Piscataway, NJ, USA, 2017. [Google Scholar] [CrossRef]
  4. Saluja, U.; Idris, N.B. Statistics Based Information Security Risk Management Methodology. IJCSNS Int. J. Comput. Sci. Netw. Secur. 2015, 15, 117–123. Available online: (accessed on 20 January 2023).
  5. Karabacak, B.; Sogukpinar, I. ISRAM: Information security risk analysis method. Comput. Secur. 2005, 24, 147–159. [Google Scholar] [CrossRef]
  6. Lv, J.-J.; Wang, Y.-Z. A Ranking Method for Information Security Risk Management Based on AHP and PROMETHEE. In Proceedings of the 2010 International Conference on Management and Service Science, Wuhan, China, 24–26 August 2010. [Google Scholar] [CrossRef]
  7. Tryhuba, A.; Hutsol, T.; Kuboń, M.; Tryhuba, I.; Komarnitskyi, S.; Tabor, S.; Kwaśniewski, D.; Mudryk, K.; Faichuk, O.; Hohol, T.; et al. Taxonomy and Stakeholder Risk Management in Integrated Projects of the European Green Deal. Energies 2022, 15, 2015. [Google Scholar] [CrossRef]
  8. Sahinoglu, M. Security Meter: A Practical Decision-Tree Model to Quantify Risk. IEEE Secur. Priv. 2005, 3, 18–24. [Google Scholar] [CrossRef]
  9. Data Risk Management. Available online: (accessed on 20 January 2023).
  10. Ahmed, A.; Kayis, B.; Amornsawadwatana, S. A review of techniques for risk management in projects. Benchmarking Int. J. 2007, 14, 22–36. [Google Scholar] [CrossRef]
  11. Elzamly, A.; Hussin, B. Managing Software Project Risks with Proposed Regression Model Techniques and Effect Size Technique. Int. Rev. Comput. Softw. 2011, 6, 250–263. [Google Scholar]
  12. Elzamly, A.; Hussin, B.; Salleh, N. Methodologies and techniques in software risk management approach for mitigating risks: A review. Asian J. Math. Comput. Res. 2015, 2, 184–198. [Google Scholar]
  13. Liu, J.Y.-C.; Chen, H.-G.; Chen, C.C.; Sheu, T.S. Relationships among interpersonal conflict, requirements uncertainty, and software project performance. Int. J. Proj. Manag. 2011, 29, 547–556. [Google Scholar] [CrossRef]
  14. Cyber Reporting Survey: Governance in Focus | Cyber Risk Reporting in the UK, Survey, Deloitte. 2016. Available online: (accessed on 20 January 2023).
  15. Elzamly, A.; Hussin, B. Quantitative and Intelligent Risk Models in Risk Management for Constructing Software Development Projects: A Review. Int. J. Softw. Eng. Its Appl. 2016, 10, 9–20. [Google Scholar] [CrossRef]
  16. Miler, J.; Górsk, J. Risk-driven Software Process Improvement—A Case Study. In Proceedings of the 11th European Software Process Improvement Conference EuroSPI’2004, Trondheim, Norway, 10–12 November 2004; pp. 1–7. [Google Scholar]
  17. Islam, S. Software Development Risk Management Model—A Goal Driven Approach. In Proceedings of the doctoral symposium for ESEC/FSE on Doctoral symposium, Amsterdam, The Netherlands, 25 August 2009; pp. 5–8. [Google Scholar]
  18. Dash, R.; Dash, R. Risk Assessment Techniques for Software Development. Eur. J. Sci. Res. 2010, 42, 629–636. [Google Scholar]
  19. Alberts, C.J.; Behrens, S.G.; Pethia, R.D.; Wilson, W.R. Operationally Critical Threat, Asset and Vulnerability Evaluation; Software Engineering Institute: Pittsburgh, PA, USA, 1999; 72p. [Google Scholar]
  20. 2019 Global Cyber Risk Perception Survey. 2019. Marsh, Microsoft. Available online: (accessed on 20 January 2023).
  21. 2022 Marsh and Microsoft Global Cyber Risk Survey. Available online: (accessed on 20 January 2023).
  22. Cebula, J.J.; Young, L.R. A Taxonomy of Operational Cyber Security Risks; Hanscom AFB: Hanscom AFB, MA. USA; Carnegie Mellon University: Pittsburgh, PA, USA, 2010; 47p. [Google Scholar]
  23. Tryhuba, A.; Hutsol, T.; Tryhuba, I.; Mudryk, K.; Kukharets, V.; Głowacki, S.; Dibrova, L.; Kozak, O.; Pavlenko-Didur, K. Assessment of the Condition of the Project Environment for the Implementation of Technologically Integrated Projects of the “European Green Deal” Using Maize Waste. Energies 2022, 15, 8220. [Google Scholar] [CrossRef]
  24. Tryhuba, A.; Komarnitskyi, S.; Tryhuba, I.; Hutsol, T.; Yermakov, S.; Muzychenko, A.; Muzychenko, T.; Horetska, I. Planning and risk analysis in projects of procurement of agricultural raw materials for the production of environmentally friendly fuel. Int. J. Renew. Energy Dev. 2022, 11, 569–580. [Google Scholar] [CrossRef]
  25. Ibrahim, M.N.; Thorpe, D.; Mahmood, M.N. Risk factors affecting the ability for earned value management to accurately assess the performance of infrastructure projects in Australia. Constr. Innov. 2019, 19, 550–569. [Google Scholar] [CrossRef]
  26. Tanenbaum, A.S.; van Steen, M. Distributed Systems. Principles and Paradigms, 2nd ed.; Pearson Prentice Hall: Upper Saddle River, NJ, USA, 2007; pp. 2–15. [Google Scholar]
  27. Dubois, E.; Heymans, P.; Mayer, N.; Matulevicius, R. A Systematic Approach to Define the Domain of Information System Security Risk Management. Intentional Perspectives on Information Systems Engineering; Springer: Berlin/Heidelberg, Germany, 2010. [Google Scholar] [CrossRef]
  28. Barham, P.; Dragovic, B.; Fraser, K.; Hand, S.; Harris, T.; Ho, A.; Neugebauer, R.; Pratt, I.; Warfield, A. Xen and the Art of Virtualization. In Proceedings of the 19th Symposium on Operating Systems Principles, Bolton Landing, NY, USA, 19–22 October 2003; ACM: New York, NY, USA, 2003; pp. 164–177. [Google Scholar]
  29. Kiktev, N.; Kutyrev, A.; Khort, D.; Kalivoshko, O. Web Application for an Information System for Diagnosing the Quality of Electricity Consumers Using Cloud Technologies. VIII International Scientific Conference “Information Technology and Implementation” (IT&I-2021). CEUR Workshop Proc. 2022, 3132, 176–185. Available online: (accessed on 20 January 2023).
  30. Kiktev, N.; Osypenko, V.; Kalivoshko, O.; Kutyrev, A. Information system for decision-making in the management of renewable energy sources in the microgrid system. CEUR Workshop Proc. 2021, 3018, 101–110. [Google Scholar]
  31. Kraevsky, V.; Kostenko, O.; Kalivoshko, O.; Kiktev, N.; Lyutyy, I. Financial Infrastructure of Telecommunication Space: Accounting Information Attributive of Syntalytical Submission. In Proceedings of the 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T), Kyiv, Ukraine, 8–11 October 2019; pp. 873–876. [Google Scholar] [CrossRef]
  32. Kalivoshko, O.; Kraevsky, V.; Burdeha, K.; Lyutyy, I.; Kiktev, N. The Role of Innovation in Economic Growth: Information and Analytical Aspect. In Proceedings of the 2021 IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (PIC S&T), Kharkiv, Ukraine, 5–7 October 2021; pp. 120–124. [Google Scholar] [CrossRef]
  33. Smirnova, E.V.; Smirnov, A.O.; Olshevskay, O.V. Features of information security in the electric power industry [Osobennosti informacionnoj bezopasnosti v jelektrojenergetike]. Refrig. Eng. Technol. 2016, 10, 39–44. (In Russian) [Google Scholar] [CrossRef]
  34. Korablev, V.A.; Mazurok, T.L. Information technology of behavioral models of multi-agent robotic systems [Informacionnaya tekhnologiya povedencheskih modelej mul’tiagentnyh robototekhnicheskih sistem]. In Information Technology and Automation—2019, Proceedings of the XII International Scientific and Practical Conference, Odessa, Ukraine, 17–18 October 2019; 2019; Volume 2, pp. 63–65. Available online: (accessed on 20 January 2023). (In Russian)
  35. Zikratova, I.A.; Zikratovab, T.V.; Lebedeva, I.S. Trust model for information security of multi-agent robotic systems with a decentralized management [Doveritel’naja model’ informacionnoj bezopasnosti mul’tiagentnyh robototehnicheskih sistem s decentralizovannym upravleniem]. Sci. Tech. J. Inf. Technol. Mech. Opt. 2014, 2, 47–52. Available online: (accessed on 20 January 2023). (In Russian).
  36. Vorotnikov, S.; Ermishin, K.; Nazarova, A.; Yuschenko, A. Multi-agent Robotic Systems in Collaborative Robotics. In ICR 2018: Interactive Collaborative Robotics; Lecture Notes in Computer Science; Ronzhin, A., Rigoll, G., Meshcheryakov, R., Eds.; Springer: Berlin/Heidelberg, Germany, 2018; Volume 11097. [Google Scholar] [CrossRef]
  37. Kiktev, N.; Didyk, A.; Antonevych, M. Simulation of Multi-Agent Architectures for Fruit and Berry Picking Robot in Active-HDL. In Proceedings of the 2020 IEEE International Conference on Problems of Infocommunications Science and Technology, PIC S and T, Kharkiv, Ukraine, 6–9 October 2020; IEEE: Piscataway, NJ, USA, 2021; pp. 635–640. [Google Scholar] [CrossRef]
  38. Kiktev, N.; Lendiel, T.; Vasilenkov, V.; Kapralyuk, O.; Hutsol, T.; Glowacki, S.; Kuboń, M.; Kowalczyk, Z. Automated Microclimate Regulation in Agricultural Facilities Using the Air Curtain System. Sensors 2021, 21, 8182. [Google Scholar] [CrossRef]
  39. Ismail, Z.; Sariff, N. A Survey and Analysis of Cooperative Multi-Agent Robot Systems: Challenges and Direction. In Applications of Mobile Robots; Hurtado, E., Ed.; IntechOpen: London, UK, 2018. [Google Scholar] [CrossRef]
  40. McCumber, J. Assessing and Managing Security Risk in IT Systems: A Structured Methodology; Auerbach Publications: New York, NY, USA, 2004; 288p. [Google Scholar]
  41. Hoodat, H.; Rashidi, H. Classification and Analysis of Risks in Software Engineering. Eng. Technol. 2009, 56, 446–452. [Google Scholar]
  42. Carr, V.; Tah, J. A fuzzy approach to construction project risk assessment and analysis: Construction project risk management system. Adv. Eng. Softw. 2001, 32, 847–857. [Google Scholar] [CrossRef]
  43. Henry, K. Risk management and analysis. In Information Security Management Handbook, 6th ed.; Auerbach Publications: Boca Raton, FL, USA, 2017; Volume 1, pp. 321–329. [Google Scholar]
  44. Turnaround and Transformation in Cybersecurity: Key Findings from The Global State of Information Security Survey. PricewaterhouseCoopers (PwC). 2016. Available online: (accessed on 20 January 2023).
  45. SSE Project Team. System Security Engineering Capability Maturity Model (SSE-CMM): Model Description Document, Version 3.0; Technical Report; SSE-CMM, 2003. Available online: (accessed on 20 January 2023).
  46. Department of Energy. Cybersecurity Capability Maturity Model (C2M2), Version 1.1; Technical report; Department of Homeland Security: Washington, DC, USA, 2014. [Google Scholar]
  47. White, G.B. The community cyber security maturity model. In Proceedings of the 2011 IEEE International Conference on Technologies for Homeland Security (HST), Waltham, MA, USA, 15–17 November 2011; pp. 173–178. [Google Scholar] [CrossRef]
  48. The Open Group. Open Information Security Management Maturity Model (O-ISM3); Technical report; Open Group: San Francisco, CA, USA, 2011. [Google Scholar]
  49. Grechko, V.; Babenko, T.; Myrutenko, L. Secure software developing recommendations. In Proceedings of the 2019 IEEE International Scientific-Practical Conference: Problems of Infocommunications Science and Technology, PIC S and T 2019—Proceedings, Kyiv, Ukraine, 8–11 October 2019; 45–50, p. 9061529. [Google Scholar] [CrossRef]
  50. Korchenko, O.; Kazmirchuk, S.; Akhmetov, B. Applied Information Security Risk Assessment Systems; Comprint: Kyiv, Ukraine, 2017; 435p. [Google Scholar]
  51. Zaslavskyi, V. System principles, mathematical models and methods to ensure high reliability of safety systems. Proc. SPIE 2017, 10418, 1041803. [Google Scholar]
  52. Denis, M.; Zena, C.; Hayajneh, T. Penetration testing: Concepts, attack methods, and defense strategies. In Proceedings of the 2016 IEEE Long Island Systems, Applications and Technology Conference (LISAT), Farmingdale, NY, USA, 29 April 2016; pp. 1–6. [Google Scholar] [CrossRef]
  53. Rot, A. IT Risk Assessment: Quantitative and Qualitative Approach. In Proceedings of the World Congress on Engineering and Computer Science, San Francisco, CA, USA, 22–24 October 2008; pp. 1073–1078. [Google Scholar]
  54. Norkin, V.I.; Gaivoronski, A.A.; Zaslavsky, V.A.; Knopov, P.S. Models of the Optimal Resource Allocation for the Critical Infrastructure Protection. Cybern. Syst. Anal. 2018, 54, 696–706. [Google Scholar] [CrossRef]
  55. Landoll, D. The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments; Auerbach Publications: Boca Raton, FL, USA, 2016; 504p. [Google Scholar]
  56. Xiao, G.; Xiao, Y.; Ni, A.; Zhang, C.; Zong, F. Exploring influence mechanism of bikesharing on the use of public transportation—A case of Shanghai. Transp. Lett. 2022, 1–9. [Google Scholar] [CrossRef]
  57. Sánchez-García, I.D.; Mejia, J.; San Feliu Gilabert, T. Cybersecurity Risk Assessment: A Systematic Mapping Review, Proposal, and Validation. Appl. Sci. 2023, 13, 395. [Google Scholar] [CrossRef]
  58. Ntafloukas, K.; McCrum, D.P.; Pasquale, L. A Cyber-Physical Risk Assessment Approach for Internet of Things Enabled Transportation Infrastructure. Appl. Sci. 2022, 12, 9241. [Google Scholar] [CrossRef]
  59. Williams, T.D. The Value of Threat Models in Enterprise Security Testing of Database Systems & Services: Technical Report; Royal Holloway: Egham, UK; University of London: London, UK, 2015; 165p. [Google Scholar]
  60. Hubbard, D.W.; Seiersen, R. How to Measure Anything in Cybersecurity Risk; Wiley: Hoboken, NJ, USA, 2016. [Google Scholar]
  61. Kravchenko, Y.; Vialkova, V. The problem of providing functional stability properties of information security systems. In Modern Problems of Radio Engineering, Telecommunications and Computer Science, Proceedings of the 13th International Conference on TCSET 2016, Lviv, Ukraine, 23–26 February 2016; IEEE: Piscataway, NJ, USA, 2016; Volume 7452105, pp. 526–530. [Google Scholar]
  62. Radivilova, T.; Kirichenko, L.; Alghawli, A.S.; Ageyev, D.; Mulesa, O.; Baranovskyi, O.; Ilkov, A.; Kulbachnyi, V.; Bondarenko, O. Statistical and Signature Analysis Methods of Intrusion Detection. In Information Security Technologies in the Decentralized Distributed Networks; Oliynykov, R., Kuznetsov, O., Lemeshko, O., Radivilova, T., Eds.; Lecture Notes on Data Engineering and Communications Technologies, 115; Springer: Cham, Switzerland, 2022. [Google Scholar] [CrossRef]
  63. Viktoriia, H.; Hnatienko, H.; Babenko, T. An intelligent model to assess information systems security level. In Proceedings of the 2021 Fifth World Conference on Smart Trends in Systems Security and Sustainability (WorldS4), London, UK, 29–30 July 2021; pp. 128–133. [Google Scholar] [CrossRef]
  64. Barabash, O.; Shevchenko, H.; Dakhno, N.; Kravchenko, Y.; Olga, L. Effectiveness of Targeting Informational Technology Application. In Proceedings of the 2020 IEEE 2nd International Conference on System Analysis and Intelligent Computing, SAIC 2020, Kyiv, Ukraine, 5–9 October 2022; Volume 9239154. [Google Scholar]
  65. Mulesa, O.; Snytyuk, V.; Myronyuk, I. Optimal alternative selection models in a multi-stage decision-making process. EUREKA: Phys. Eng. 2019, 6, 43–50. [Google Scholar] [CrossRef]
  66. Palko, D.; Hnatienko, H.; Babenko, T.; Bigdan, A. Determining key risks for modern distributed information systems. Proceedings of the II International Scientific Symposium “Intelligent Solutions” (IntSol-2021), Kyiv—Uzhhorod, Ukraine, September 28–30, 2021. CEUR Workshop Proc. 2021, 3018, 81–100. Available online: (accessed on 20 January 2023).
  67. Rodríguez, M.; Alesanco, Á.; Mehavilla, L.; García, J. Evaluation of Machine Learning Techniques for Traffic Flow-Based Intrusion Detection. Sensors 2022, 22, 9326. [Google Scholar] [CrossRef]
  68. Palko, D.; Vialkova, V.; Babenko, T. Intellectual Models for Cyber Security Risk Assessment. Processing, Transmission and Security of Information; Wydawnictwo Naukowe Akademii Techniczno-Humanistycznej w Bielsku-Białej: Bielsku-Biała, Poland, 2019; Volume 2, pp. 284–288. [Google Scholar]
  69. Żukiewicz, K.; Słowik, T.; Dudziak, A. Preventing Food Waste in the Food Retail Sector in the Light of the Current Legislation in Poland. Agric. Eng. 2022, 26, 187–199. [Google Scholar] [CrossRef]
  70. Palko, D.; Myrutenko, L.; Babenko, T.; Bigdan, A. Model of Information Security Critical Incident Risk Assessment. In Proceedings of the 2020 IEEE International Conference on Problems of Infocommunications Science and Technology, PIC S and T 2020, Kharkiv, Ukraine, 6–9 October 2020; IEEE: Piscatway, NJ, USA, 2021; pp. 157–161. [Google Scholar] [CrossRef]
  71. Hnatiienko, H.; Kiktev, N.; Babenko, T.; Desiatko, A.; Myrutenko, L. Prioritizing Cybersecurity Measures with Decision Support Methods Using Incomplete Data. CEUR Workshop Proc. 2021, 3241, 169–180. [Google Scholar]
  72. Babenko, T.; Hnatiienko, H.; Vialkova, V. Modeling of the integrated quality assessment system of the information security management system. 7th International Conference “Information Technology and Interactions”, IT and I 2020; Kyiv; Ukraine, 2–3 December 2020. CEUR Workshop Proc. 2021, 2845, 75–84. Available online: (accessed on 20 January 2023).
  73. Dolgikh, S.; Mulesa, O. Collaborative Human-AI Decision-Making Systems. CEUR Workshop Proc. 2021, 3106, 96–105. [Google Scholar]
  74. Voloshin, O.F.; Mashchenko, O.S.O. Models and Methods of Decision Making: Textbook. Textbook for Students of Higher Educational Institutions; Publishing and Printing Center “Kyiv University”: Kyiv, Ukraine, 2010; 336p. [Google Scholar]
  75. Sarker, I.H. Deep Cybersecurity: A Comprehensive Overview from Neural Network and Deep Learning Perspective. SN Comput. Sci. 2021, 2, 1–16. [Google Scholar] [CrossRef]
  76. AI Cybersecurity Challenges. Threat Landscape for Artificial Intelligence; ENISA: Attiki, Greece, 2020; ISBN 978-92-9204-462-6. [Google Scholar] [CrossRef]
  77. Vasile, E.; Croitoru, I. Integrated Risk Management System—Key Factor of the Management System of the Organization. In Risk Management; IntechOpen: London, UK, 2012. [Google Scholar] [CrossRef]
  78. Korneev, N.V.; Korneeva, J.V.; Yurkevichyus, S.P.; Bakhturin, G.I. An Approach to Risk Assessment and Threat Prediction for Complex Object Security Based on a Predicative Self-Configuring Neural System. Symmetry 2022, 14, 102. [Google Scholar] [CrossRef]
  79. Andrade, R.; Ortiz, I.; Cazares, M.; Navas, G.; Sánchez-Pazmiño, M.I. Defining Cyber Risk Scenarios to Evaluate IoT Systems. Games 2023, 14, 1. [Google Scholar] [CrossRef]
  80. Chen, X.; Wu, S.; Shi, C.; Huang, Y.; Yang, Y.; Ke, R.; Zhao, J. Sensing Data Supported Traffic Flow Prediction via Denoising Schemes and ANN: A Comparison. IEEE Sensors J. 2020, 20, 14317–14328. [Google Scholar] [CrossRef]
  81. Cherdantseva, Y.; Burnap, P.; Nadjm-Tehrani, S.; Jones, K. A Configurable Dependency Model of a SCADA System for Goal-Oriented Risk Assessment. Appl. Sci. 2022, 12, 4880. [Google Scholar] [CrossRef]
  82. Dudnyk, A.; Lysenko, V.; Zaets, M.; Komarchuk, D.; Lendiel, T.; Yakymenko, I. Intelligent Control System of Biotechnological Objects with Fuzzy Controller and Noise Filtration Unit. In Proceedings of the 2018 International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T), Kharkiv, Ukraine, 9–12 October 2018; pp. 586–590. [Google Scholar] [CrossRef]
Figure 1. Types of cyber risks according to the annual Deloitte research “Cyber risk reporting in the UK 2016”.
Figure 1. Types of cyber risks according to the annual Deloitte research “Cyber risk reporting in the UK 2016”.
Applsci 13 02393 g001
Figure 2. Key factors measuring the level of cyber risks according to “The Marsh Microsoft 2019 Global Cyber Risk Perception Survey” (September 2019).
Figure 2. Key factors measuring the level of cyber risks according to “The Marsh Microsoft 2019 Global Cyber Risk Perception Survey” (September 2019).
Applsci 13 02393 g002
Figure 3. The basic risk assessment process.
Figure 3. The basic risk assessment process.
Applsci 13 02393 g003
Figure 4. Data from PwC’s “The Global State of Information Security® Survey 2016”.
Figure 4. Data from PwC’s “The Global State of Information Security® Survey 2016”.
Applsci 13 02393 g004
Figure 5. Decision Tree intelligent risk assessment.
Figure 5. Decision Tree intelligent risk assessment.
Applsci 13 02393 g005
Figure 6. Risk assessment methodology.
Figure 6. Risk assessment methodology.
Applsci 13 02393 g006
Figure 7. Risk level calculation matrices for assets of different criticality.
Figure 7. Risk level calculation matrices for assets of different criticality.
Applsci 13 02393 g007
Figure 8. Performing the solution adequacy check.
Figure 8. Performing the solution adequacy check.
Applsci 13 02393 g008
Figure 9. Results visualization of building a decision tree.
Figure 9. Results visualization of building a decision tree.
Applsci 13 02393 g009
Table 1. Assets types.
Table 1. Assets types.
Asset TypeExplanationThe Level of Criticality
EXTExternal serversHigh
PCWorkstations/personal computersLow
TCThin customersModerate
NETNetwork equipmentHigh
POSPayment terminalHigh
CASHCash registerHigh
SRCVirtual machineLow
Table 2. Example of distributed metadata and asset metrics.
Table 2. Example of distributed metadata and asset metrics.
Metrics NameDescriptionImpact on Final Risk ScoreExample of Value
TypeDevice typeHighPC/NB/TAB/SRV/SRD
Last scanDate-time of the last scan or mappingHigh20 April 2020 22:02
AV TypeType of antivirusHighMcAfee/WinDefender
Last logonDate-time of the last loginLow15 April 2020 19:40
OS TypeOperating system typeHighWindows Server 2008 R2 Enterprise
OS VersionOperating system versionModerate6.1
OS Build NumberOperating system build versionModerate7600
Blocked in ADLock status in Active DirectoryModerateYes/No
Last Asset UpdateLast update date of the assetLow8 November 2019 9:02
VulnerabilitiesNumber of found vulnerabilitiesHigh3
Critical VLANDoes the network belong to criticalHighYes/No
WirelessIs the network wirelessModerateYes/No
Last EventDate-time of the last event in QRadarHigh22 April 2020 16:22
Backup StatusIs the backup performedHighYes/No
Defender Last UpdateTime of last Windows Defender updateHigh23 April 2020 0:02
McAfee VersionMcAfee Agent versionModerate5.6.1.157
Table 3. Fragment of the training dataset.
Table 3. Fragment of the training dataset.
TypeOS TypeLast ScanVulnerabilitiesCritical VLANWirelessAV TypeEnvironmentBackup StatusThreats Level
PCWindows Pro17 February 2020 10:111YesYesMcAfeePre-
SRVWindows Server 2019 Std20 April 2020 20:43−1YesNoWindows DefenderProductionYesLow
SRVWindows Server 2012 R2 Std21 October 2019 15:393YesNoWindows DefenderProductionYesHigh
NBWindows 10 Enterprise14 April 2020 7:51−1NoNoMcAfeeTestingNo...Low
TABWindows 8.1 Pro20 April 2020 21:44−1NoYesWindows DefenderDevelopmentNoLow
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Palko, D.; Babenko, T.; Bigdan, A.; Kiktev, N.; Hutsol, T.; Kuboń, M.; Hnatiienko, H.; Tabor, S.; Gorbovy, O.; Borusiewicz, A. Cyber Security Risk Modeling in Distributed Information Systems. Appl. Sci. 2023, 13, 2393.

AMA Style

Palko D, Babenko T, Bigdan A, Kiktev N, Hutsol T, Kuboń M, Hnatiienko H, Tabor S, Gorbovy O, Borusiewicz A. Cyber Security Risk Modeling in Distributed Information Systems. Applied Sciences. 2023; 13(4):2393.

Chicago/Turabian Style

Palko, Dmytro, Tetiana Babenko, Andrii Bigdan, Nikolay Kiktev, Taras Hutsol, Maciej Kuboń, Hryhorii Hnatiienko, Sylwester Tabor, Oleg Gorbovy, and Andrzej Borusiewicz. 2023. "Cyber Security Risk Modeling in Distributed Information Systems" Applied Sciences 13, no. 4: 2393.

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop