Integrating CVSS, national criticality levels, and MCDA for multi-factor cyber incident prioritization

Dmytro Uzlov, Sergiy Yakovlev, Olena Tolstoluzka, Oleksandr Kopytsia, Sergiy Burchenko

Abstract

This integrated approach aims to prevent suboptimal prioritization, ensure effective resource allocation, and expedite the recovery of information systems. Methodology: the proposed methodology establishes a hierarchical, multi-factor prioritization approach. It integrates the quantitative technical severity assessment provided by CVSS with Ukraine’s national criticality levels. This dual-layer scoring is further supplemented by a structured tie-breaking mechanism using additional attributes to achieve precise prioritization. A structured dataset was constructed, covering nationwide impact, economic consequences, information-related impacts, functional consequences, recovery capabilities, and system/network specifics. A prioritization methodology was developed, involving five key phases: incident registration, data verification, correlation and aggregation, criticality assessment, and tie-breaking. Dedicated software was implemented to simulate the algorithm within the CERT-UA environment, enabling real-time registration, evaluation, and visualization of prioritized incidents. The simulation tested the algorithm’s effectiveness in handling incident inflows and its potential to streamline response efforts. Conclusions: this study presents a robust and novel multi-factor methodology that overcomes the insufficient granularity of existing national criticality levels. Introducing a hierarchical tie-breaking mechanism, the approach provides CERT-UA with a clear, decisive, and efficient tool for incident prioritization. Simulation and pilot implementations confirm the algorithm’s practical value and immediate applicability within the existing operational environments, significantly enhancing the ability of national-level response teams to mitigate the negative impacts of cyber threats. 
The system’s simplicity and adaptability ensure its applicability within existing operational environments, while its tie-breaking mechanism minimizes the risk of suboptimal prioritization. Future research directions include integrating artificial intelligence and machine learning to enhance prioritization accuracy and adapting this methodology for diverse organizational contexts. This work lays a strong foundation for advancing cyber incident management, addressing the evolving nature of cybersecurity challenges.
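As an added illustration of the dual-layer scoring and tie-breaking described above (example code, not the paper's or CERT-UA's implementation), assuming a four-step national criticality scale (4 most critical), CVSS v3.1 base scores supplied per incident, integer 0..3 tie-break attributes, and a hierarchy that ranks national level before CVSS:

```python
from dataclasses import dataclass, field

# Tie-break attributes in descending priority (names constructed to mirror the
# attribute groups the abstract lists; the order itself is an assumption).
TIE_BREAK_ORDER = ("nationwide_impact", "economic_consequences",
                   "information_impact", "functional_consequences", "recovery_difficulty")

@dataclass
class Incident:
    incident_id: str
    national_level: int   # assumed scale 1 (low) .. 4 (critical)
    cvss_base: float      # CVSS v3.1 base score, 0.0 .. 10.0
    attributes: dict = field(default_factory=dict)   # tie-break attributes, 0..3 each

def verify(inc: Incident) -> bool:
    """Data-verification phase: reject records whose values are out of range."""
    return (1 <= inc.national_level <= 4 and 0.0 <= inc.cvss_base <= 10.0
            and all(0 <= inc.attributes.get(k, 0) <= 3 for k in TIE_BREAK_ORDER))

def aggregate(incidents) -> list:
    """Correlation/aggregation phase: merge duplicate reports, keeping the most severe values."""
    merged = {}
    for inc in incidents:
        cur = merged.setdefault(inc.incident_id, Incident(inc.incident_id, 1, 0.0))
        cur.national_level = max(cur.national_level, inc.national_level)
        cur.cvss_base = max(cur.cvss_base, inc.cvss_base)
        for k in TIE_BREAK_ORDER:
            cur.attributes[k] = max(cur.attributes.get(k, 0), inc.attributes.get(k, 0))
    return list(merged.values())

def priority_key(inc: Incident) -> tuple:
    """Assessment and tie-breaking as one lexicographic key: level, CVSS, then attributes."""
    return (inc.national_level, inc.cvss_base,
            *(inc.attributes.get(k, 0) for k in TIE_BREAK_ORDER))

def prioritize(incidents) -> list:
    """Registration -> verification -> aggregation -> assessment/tie-break; most urgent first."""
    return sorted(aggregate(i for i in incidents if verify(i)),
                  key=priority_key, reverse=True)
# Constructed sample inflow (not from the paper).
SAMPLE = [
    Incident("INC-A", 3, 9.8, {"nationwide_impact": 1}),
    Incident("INC-B", 4, 5.3),                                 # lower CVSS, higher level
    Incident("INC-C", 3, 9.8, {"nationwide_impact": 2}),       # ties with A until tie-break
    Incident("INC-C", 3, 7.5, {"economic_consequences": 3}),   # duplicate report of C
    Incident("INC-D", 2, 11.0),                                # fails verification
]
def ranked_ids(incidents=SAMPLE) -> list:
    return [i.incident_id for i in prioritize(incidents)]   # ['INC-B', 'INC-C', 'INC-A']
```

The national level decides INC-B ahead of the higher-CVSS INC-A, and INC-A and INC-C, equal on both scoring layers, are separated only by the tie-break attributes.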

Keywords

cyber incident prioritization; criticality levels; cyberattacks; incident handling; CVSS; MCDA; simulation tests; emerging technologies; artificial intelligence; machine learning


DOI: https://doi.org/10.32620/reks.2025.4.15
