<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">finance</journal-id><journal-title-group><journal-title xml:lang="ru">Финансы: теория и практика/Finance: Theory and Practice</journal-title><trans-title-group xml:lang="en"><trans-title>Finance: Theory and Practice</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2587-5671</issn><issn pub-type="epub">2587-7089</issn><publisher><publisher-name>Financial University under The Government of Russian Federation</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.26794/2587-5671-2020-24-6-51-60</article-id><article-id custom-type="elpub" pub-id-type="custom">finance-1091</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ЦИФРОВЫЕ ТЕХНОЛОГИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>DIGITAl TECHNOlOGY</subject></subj-group></article-categories><title-group><article-title>Оценка риска воздействия кибератак в технологиях электронного банкинга (пример программной реализации)</article-title><trans-title-group xml:lang="en"><trans-title>Cyberattack Risk Assessment in Electronic banking Technologies (the Case of Software Implementation)</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-2301-1776</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Бердюгин</surname><given-names>А. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Berdyugin</surname><given-names>A. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Александр Александрович Бердюгин — преподаватель Департамента информационной безопасности.</p></bio><bio xml:lang="en"><p>Aleksandr A. Berdyugin — Lecturer, Department of Information Security.</p><p>Moscow</p></bio><email xlink:type="simple">a40546b@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-0354-0665</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Ревенков</surname><given-names>П. В.</given-names></name><name name-style="western" xml:lang="en"><surname>Revenkov</surname><given-names>P. V.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Павел Владимирович Ревенков — доктор экономических наук, профессор Департамента информационной безопасности.</p></bio><bio xml:lang="en"><p>Pavel V. Revenkov — Dr. Sci (Econ.), Prof., Department of Information Security.</p><p>Moscow</p></bio><email xlink:type="simple">pavel.revenkov@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Финансовый университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Financial University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2020</year></pub-date><pub-date pub-type="epub"><day>11</day><month>12</month><year>2020</year></pub-date><volume>24</volume><issue>6</issue><fpage>51</fpage><lpage>60</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Бердюгин А.А., Ревенков П.В., 2020</copyright-statement><copyright-year>2020</copyright-year><copyright-holder xml:lang="ru">Бердюгин А.А., Ревенков П.В.</copyright-holder><copyright-holder xml:lang="en">Berdyugin A.A., Revenkov P.V.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://financetp.fa.ru/jour/article/view/1091">https://financetp.fa.ru/jour/article/view/1091</self-uri><abstract><p>Авторы исследуют риски компьютерных атак на автоматизированные банковские системы. Актуальность исследования обусловлена необходимостью пересмотра подходов к оценке рисков, в основе которых лежат технические составляющие банковских бизнес-процессов и последствия кибератак, направленных на банковские автоматизированные системы в кредитных организациях. Цель исследования состоит в описании разработанных методов оценки киберриска в коммерческом банке и предложении одного из вариантов оценки рисков нарушения информационной безопасности в технологиях электронного банкинга. Методология статьи включает анализ отечественной и зарубежной литературы по теме исследования, теоретико-вероятностный метод расчета, компьютерное программирование и графическую интерпретацию информации. Проанализирован операционный риск коммерческого банка для разработки компонентов системы операционного риск-менеджмента в условиях развития технологий электронного банкинга. Разработана компьютерная программа для количественной оценки вероятности риска воздействия кибератак на технологии электронного банкинга (с использованием Borland Delphi). Формализована вероятностная модель определения наиболее уязвимого сегмента техник риск-менеджмента, используемых структурами по обеспечению информационной безопасности. Сделан вывод о возможности разработки программного комплекса на основании математической модели, позволяющей сократить количество проверок факторов риска в несколько раз. Результаты исследования могут быть применены для дальнейших практических разработок риск-подразделений кредитных организаций, использующих технологии электронного банкинга.</p></abstract><trans-abstract xml:lang="en"><p>The authors investigate the risks of computer attacks on automated banking systems. The relevance of the study is due to the need to revise the approaches to risk assessment based on the technical components of banking business processes and the consequences of cyber-attacks aimed at banking automated systems in credit institutions. The aim of the study is to describe the developed methods for assessing cyber risks in a commercial bank and provide an option for assessing the risks of information security violations in electronic banking technologies. The methodology of the article includes the analysis of domestic and foreign literature on the research topic, the theoretical and probabilistic method of calculation, computer programming and graphic interpretation of information. The authors analysed the operational risk of a commercial bank to develop components of the operational risk management system in the context of developing electronic banking technologies. They designed a computer program to quantify risk probabilities of cyberattacks on electronic banking technologies (by means of Borland Delphi). The work presents a formalised probabilistic model for determining the most vulnerable segment of risk management techniques used by information security structures. The conclusion is that it is possible to develop a software package based on a mathematical model that reduces the number of checks of risk factors by several times. The research results may be of further use for the development of risk divisions in credit institutions using electronic banking technologies.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>риск воздействия кибератак</kwd><kwd>технологии электронного банкинга</kwd><kwd>информационная безопасность</kwd><kwd>оценка риска</kwd><kwd>вероятностная модель</kwd><kwd>компьютерная программа</kwd><kwd>типичные банковские риски</kwd></kwd-group><kwd-group xml:lang="en"><kwd>the risk of cyberattacks</kwd><kwd>electronic banking technologies</kwd><kwd>information security</kwd><kwd>risk assessment</kwd><kwd>probabilistic model</kwd><kwd>computer program</kwd><kwd>typical banking risks</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">King B. Bank 4.0: Banking everywhere, never at a bank. Singapore: John Wiley &amp; Sons Ltd; 2018. 352 p.</mixed-citation><mixed-citation xml:lang="en">King B. Bank 4.0: Banking everywhere, never at a Bank. Singapore: John Wiley &amp; Sons Ltd; 2018. 352 p.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Skinner C. Digital human: The fourth revolution of humanity includes everyone. Singapore: Marshall Cavendish International (Asia) Pte Ltd; 2018. 400 p.</mixed-citation><mixed-citation xml:lang="en">Skinner C. Digital human: The fourth revolution of humanity includes everyone. Singapore: Marshall Cavendish International (Asia) Pte Ltd; 2018. 400 p.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Ревенков П. В., Бердюгин А. А. Метод количественной оценки риска воздействия кибератак в условиях электронного банкинга. Банковское дело. 2020;7:32-37.</mixed-citation><mixed-citation xml:lang="en">Revenkov P. V., Berdyugin A. A. Method of quantifying the risk of cyberattacks in the context of electronic banking. Bankovskoye delo = Banking. 2020;7:32-37. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Salihu A., Metin H., Hajrizi E., Ahmeti M. The effect of security and ease of use on reducing the problems/ deficiencies of Electronic Banking Services. IFAC-PapersOnLine. 2019;52(25):159-163. DOI: 10.1016/j.ifacol.2019.12.465</mixed-citation><mixed-citation xml:lang="en">Salihu A., Metin H., Hajrizi E., Ahmeti M. The effect of security and ease of use on reducing the problems/ deficiencies of Electronic Banking Services. IFAC-PapersOnLine. 2019;52(25):159-163. DOI: 10.1016/j.ifacol.2019.12.465</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Kleijmeer R., Prenio J., Yong J. Varying shades of red: How red team testing frameworks can enhance the cyber resilience of financial institutions. Financial Stability Institute. FSI Insights on Policy Implementation. 2019;(21). URL: https://www.bis.org/fsi/publ/insights21.pdf (дата обращения: 20.05.2020).</mixed-citation><mixed-citation xml:lang="en">Kleijmeer R., Prenio J., Yong J. Varying shades of red: How red team testing frameworks can enhance the cyber resilience of financial institutions. Financial Stability Institute. FSI Insights on Policy Implementation. 2019;(21). URL: https://www.bis.org/fsi/publ/insights21.pdf (accessed on 20.05.2020).</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Конявский В. А., Ревенков П. В. Фролов Д. Б. и др. Кибербезопасность в условиях электронного банкинга: практическое пособие. М.: Прометей; 2020. 520 с.</mixed-citation><mixed-citation xml:lang="en">Konyavskii V. A., Revenkov P. V., Frolov D. B. et al. Cybersecurity in the conditions of electronic banking: Practical guide. Moscow: Prometei; 2020. 520 p. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Berdyugin A. A., Revenkov P. V. Approaches to measuring the risk of cyberattacks in remote banking services of Russia. IT Security. 2019;26(4):83-92. DOI: 10.26583/bit.2019.4.06</mixed-citation><mixed-citation xml:lang="en">Berdyugin A. A., Revenkov P. V. Approaches to measuring the risk of cyberattacks in remote banking services of Russia. IT Security. 2019;26(4):83-92. DOI: 10.26583/bit.2019.4.06</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Скородумова О. Б., Скородумов Б. И., Матронина Л. Ф. Слагаемые качества обеспечения информационной безопасности. Национальная безопасность / nota bene. 2018;(2):1-9.</mixed-citation><mixed-citation xml:lang="en">Skorodumova O. B., Skorodumov B. I., Matronina L. F. Components of the quality of information security. Natsional’naya bezopasnost’/ nota bene = National Security / nota bene. 2018;(2):1-9. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Васильева Е. В., Солянов К. С., Коневцева Т. Д. Адаптивное хранилище данных как технологический базис экосистемы банка. Финансы: теория и практика. 2020;24(3):132-146. DOI: 10.26794/2587-56712020-24-3-132-146</mixed-citation><mixed-citation xml:lang="en">Vasilieva E. V., Solyanov K. S., Konevtseva T. D. Adaptive data warehouse as the technological basis of the banking ecosystem. Finansy: teoriya i praktika = Finance: Theory and Practice. 2019;24(3):132-146. (In Russ.). DOI: 10.26794/2587-5671-2019-24-3-132-146</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Фленов М. Е. Библия Delphi. СПб.: БХВ-Петербург; 2011. 688 с.</mixed-citation><mixed-citation xml:lang="en">Flenov M. E. The Delphi Bible. St. Petersburg: BHV-Petersburg; 2011. 688 p. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Козьминых С. И. Применение компьютерного имитационного моделирования для подготовки персонала на объектах топливно-энергетического комплекса. Информационные ресурсы России. 2019;3(169):2-8.</mixed-citation><mixed-citation xml:lang="en">Kozminykh S. I. The use of computer simulation for staff training at the facilities of fuel and energy complex. Informatsionnye resursy Rossii = Information Resources of Russia. 2019;(3):2-8. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Lee L. Cybercrime has evolved: It’s time cyber security did too. Computer Fraud &amp; Security. 2019;2019(6):8-11. DOI: 10.1016/S1361-3723(19)30063-6</mixed-citation><mixed-citation xml:lang="en">Lee L. Cybercrime has evolved: It’s time cyber security did too. Computer Fraud &amp; Security. 2019;2019(6):8-11. DOI: 10.1016/S1361-3723(19)30063-6</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Гисин В. Б., Славин Б. Б. и др. Парадигмы цифровой экономики: технологии искусственного интеллекта в финансах и финтехе. М.: Когито-Центр; 2019. 326 с.</mixed-citation><mixed-citation xml:lang="en">Gisin V. B., Slavin B. B. et al. Paradigms of the digital economy: Artificial intelligence technologies in finance and fintech. Moscow: Cogito-Centre; 2019. 326 p. (In Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Nikkel B. Fintech forensics: Criminal investigation and digital evidence in financial technologies. Forensic Science International: Digital Investigation. 2020;33:200908. DOI: 10.1016/j.fsidi.2020.200908</mixed-citation><mixed-citation xml:lang="en">Nikkel B. Fintech forensics: Criminal investigation and digital evidence in financial technologies. Forensic Science International: Digital Investigation. 2020;33:200908. DOI: 10.1016/j.fsidi.2020.200908</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Крылов Г. О. Совершенствование процессов принятия решений при обработке больших данных в росфинмониторинге. Современная математика и концепции инновационного математического образования. 2020;7(1):143-152.</mixed-citation><mixed-citation xml:lang="en">Krylov G. O. Improving decision-making processes when processing big data in the Federal Financial Monitoring Service. Modern mathematics and concepts of innovative mathematical education. 2020;7(1):143-152.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
