The aim of the work is to improve the quality of risk management of the bank by developing and implementing an information-analytical system (IAS) to provide analysis of information flows on the implementation of information security threats in the bank in order to assess the expected losses of the bank. The basis of the system is the scenario of expected losses estimation based on the expert assessment, in order to increase the efficiency of the scenario the multi-agent system is used.
To support the stable development and competitiveness of banks and financial institutions, it is necessary to constantly modernize the services provided to their customers. Implementation of innovative solutions, in turn, necessitates the need of improvement of risk management systems for protection of banking information systems (IS) and its customers. Thus, information security plays a strategic role in ensuring the efficiency and stable development of the bank. The risks and threats of information security of the bank are dynamic, they are constantly changing and improving, so successful counteraction to all threats is almost impossible in real conditions, in addition, too harsh measures can make the bank unattractive to customers, which in turn significantly affects its income and rating and can even lead to bankruptcy. Thus, today there is an objective contradiction between the strict requirements for information security of banks' IS, requirements for innovation and modernization of banking solutions and the lack of a holistic concept, system models, information technology and information-analytical systems (IAS) to ensure comprehensive loss assessment of implementation of threats to the information security of the bank in order to accept a certain level of risk. Development and implementation of such IAS allows to develop comprehensive and structured approach to solving the problems of information security of the bank and to optimize risk management.
To achieve the goal of the study in the work were conducted a systematic analysis of the bank's IS and features of their interaction; the bank's business processes using IS were formalized; potential threats and risks were identified, analyzed and classified; the existing models, methods and algorithms of analysis and detection of threats of the bank's IS, as well as risk management were analyzed; the scenario of solving the problem of estimation of expected losses at realization of threats of information security banks’ IS was developed; a multi-agent system had been developed to solve the problem of estimating expected losses, and its effectiveness had been investigated. In performing the tasks were used: methods and principles of systems analysis; models and methods of decision theory and multicriteria optimization, in particular, the analytic hierarchy process (AHP), the Delphi method, ranking, methods of multifactor evaluation and linear convolution of criteria to obtain a comprehensive forecast assessment of the characteristics of expected losses; reliability and risk theories; methods of building multi-agent systems for the design, development and implementation of an information system based on a logistics network of intelligent agents, in particular an object-oriented approach to the design of system architecture. It is important to note that the results of scientific research have gained practical application. The models, methods and algorithms developed in the process of research have practical applications not only in the banking sector, but also in other subject areas: energetics, evaluation of real estate, as evidenced by the relevant scientific articles on the topic of the dissertation.
The scientific novelty of the obtained results is the development of mathematical models and algorithms for estimating the expected losses in the implementation of threats in the banks’ IS to improve risk management, research from a systemic standpoint of the bank structure, principles of operation, classification and systematization of threats and risks.
