Modeling the security of critical information infrastructure of the financial sector based on organizational structure and management data

Standards and approaches are considered in the field of ensuring the security of critical information infrastructure objects applied to banking system organizations. The aspects under study include the organizational structure and management, which affect the level of security in terms of the degree of personnel training, distribution of roles and powers, and the organization's readiness to recover from security incidents. Based on the internal audit methodology used in banking system organizations to maintain the security of information infrastructure objects at a sufficient level, a model is proposed, taking into account expert assessments of the indicators of the organizational structure and management. The directions for improving the method are shown. It is proposed to take into account the hierarchy of security requirements, use logical rules in expert assessment, on the basis of which an improved model is built. As a result, a hierarchy of private indicators is built based on their verbal formulations, data are modeled and an assessment of the level of information security is performed using the proposed approaches. The practical value of the work consists in the possibility of improving the internal audit activities of the banking system entities on its basis to ensure a sufficient level of security of critical information infrastructure objects.

1. Tokarev V.L., Sychugov A.A. Intelligent Support for Detecting Information Security Incidents. Modeling, Optimization and Information Technology. 2023;11(1). (In Russ.). https://doi.org/10.26102/2310-6018/2023.40.1.006

2. Miloserdov I.V., Malyshev V.A. Statistical Algorithm for Detecting Computer Security Threats. Modeling, Optimization and Information Technology. 2020;8(4). (In Russ.). https://doi.org/10.26102/2310-6018/2020.31.4.020

3. Chernov D.V. A Method for Quantifying the Danger of Implementing Threats to the Information Security of Objects of Critical Information Infrastructure by Potential Violators. Modeling, Optimization and Information Technology. 2025;13(2). (In Russ.). https://doi.org/10.26102/2310-6018/2025.49.2.013

4. Karpukhin A.I. Assessing the Security Level of Critical Infrastructure Facilities Using Machine Learning and Semantic Analysis of Text Descriptions of Threats and Vulnerabilities. Construction Economics. 2025;(6):479–482. (In Russ.).

5. Palchevsky E.V., Antonov V.V., Filimonov N.B., et al. Development of a Method for Training a Pulse Neural Network and its Application in a New Approach for Analyzing Network Traffic and Detecting DDos Attacks. [Preprint]. SSRN. URL: https://doi.org/10.2139/ssrn.5009235 [Accessed 16th June 2025].

6. Korchagin S.A., Rubtsov D.Yu., Bespalova N.V., Serdechny D.V. Development of Intelligent Models for Proactive Protection of Critical Infrastructure of the Financial Sector Using the Example of Information Support for Contract Systems. Modeling, Optimization and Information Technology. 2024;12(4). (In Russ.). https://doi.org/10.26102/2310-6018/2024.47.4.005

7. Deming E. The New Economics. Moscow: Alpina Publisher; 2022. 184 p. (In Russ.).

8. Sirotskiy A.A., Reznichenko S.A. A Formalized Model of an Organization Information Security Audit for Compliance with the Requirements of Standards. IT Security (Russia). 2021;28(3):103–117. (In Russ.). https://doi.org/10.26583/bit.2021.3.09

9. Kolychev V.D., Budanov N.A. Development of a Comprehensive Methodology for Assessing Information Security Risks in a Commercial Bank. IT Security (Russia). 2021;28(2):83–97. (In Russ.). https://doi.org/10.26583/bit.2021.2.08

10. Baksheev A.S., Livshitz I.I. Development of a Methodology for Monitoring the Level of Information Security of Critical Information Infrastructure Objects. Voprosy kiberbezopasnosti. 2023;(2):85–98. (In Russ.).