Kurii Y. Methodology for increasing the security of critical infrastructure through the cross-implementation of the cybersecurity standards

Ukrainian version

Thesis for the degree of Doctor of Philosophy (PhD)

State registration number

0824U002933

Applicant for

Specialization

  • 125 - Cybersecurity and Information Protection

13-08-2024

Specialized Academic Board

ID 5943

Lviv Polytechnic National University

Essay

This dissertation addresses an important scientific and practical task: raising the level of protection of critical infrastructure objects (CIO) against cyber threats through a methodology for the cross-implementation of cybersecurity audit standards. The methodology raises the level of information security of CIO and reduces the time and resources needed to achieve compliance with several cybersecurity audit standards simultaneously. For the first time, a methodology for the cross-implementation of cybersecurity audit standards has been developed, built on a newly developed table that compares the security controls of the leading standards. The methodology allows organizations and CIO to unify the relationships between different cybersecurity audit standards, determine how closely their information security management systems (ISMS) correspond to the requirements of those standards, and assess which security controls are still needed to meet the requirements of an additional security standard, which in turn increases the comprehensiveness and effectiveness of CIO protection against cyber threats. For the first time, a method has been developed for assessing an ISMS for compliance with the requirements of the ISO 27001 standard. It is based on a checklist containing a detailed list of checks for determining the compliance status of each security control, together with the evidence and documents needed to demonstrate compliance. The method provides a systematic and unified approach to assessing the ISMS of a CIO, complete coverage of the security controls, a shorter implementation time for the standard, and comprehensive protection of the CIO against cyber threats.
For the first time, a method for comparing the security controls of the leading standards has been developed, based on establishing correspondence both between the security controls themselves and between the additional recommendations for implementing specific controls and requirements. The method increases the effectiveness of CIO protection through comprehensive coverage of security controls. For the first time, a methodology for creating information security policies for CIO has been developed, based on integrating a summary table that compares the security controls of the leading cybersecurity standards. The methodology increases the effectiveness of CIO protection against threats by automating and accelerating the creation of information security policies that cover all of the most important domains and security controls.

Research papers

1. Kurii Y., Opirskyy I. Analysis and Comparison of the NIST SP 800-53 and ISO/IEC 27001:2013 // CEUR Workshop Proceedings. 2022. Vol. 3288, pp. 21-32.

2. Vasylyshyn S., Susukailo V., Opirskyy I., Kurii Y., Tyshyk I. A model of decoy system based on dynamic attributes for cybercrime investigation // Eastern-European Journal of Enterprise Technologies. 2023. Vol. 1, No. 9 (121), pp. 6-20.

3. Kurii Y., Opirskyy I. ISO 27001: Analysis of the changes and specifics of compliance with the new version of the standard // Кібербезпека: освіта, наука, техніка. 2023. No. 3 (19), pp. 46-55.

4. Kurii Y., Susukailo V., Opirskyy I. Development of a methodology for assessing compliance with the ISO 27001 standard // Ukrainian Information Security Research Journal. 2023. Vol. 25, No. 3, pp. 132-139.

5. Vakhula O., Kurii Y., Opirskyy I., Susukailo V. Security-as-code concept for fulfilling ISO/IEC 27001:2022 requirements // CEUR Workshop Proceedings. 2024. Vol. 3654, pp. 59-72.

6. Kurii Y., Opirskyy I. Security of payment transactions: an overview and characterisation of the key changes in the new version of the PCI DSS standard // Кібербезпека: освіта, наука, техніка. 2024. Vol. 3, No. 23, pp. 145-155.
