CC BY
2508.00.10 - «Статистика»: / Н. О. Коронева; Кшвсь-кий нацюнальний ушверситет iменi Тараса Шев-ченка. - Кшв, 2008. - 22 с.
6. Корепанов Г. С. Статистичне оцiнювання швестицшно1 привабливостi репошв Украши: ав-тореф. дис. ... канд. ек. наук: спец. 08.00.10 - «Статистика»: / Г.С. Корепанов; Нацюнальна академiя статистики, облшу та аудиту. - Кшв, 2015. - 22 с.
7. Матвiенко П. В. Оцшка ™естицшно1 при-вабливостi регiонiв / П. В. Матвiенко // Економiка та держава. — 2006. — № 12. — С. 66-71.
8. Мармуль Л. О. Новi методичш тдходи до аналiзу швестицшно1 привабливостi репошв / Л. О. Мармуль, Т. А. Чернявська // Вкник економiчноl науки Украши. — 2005. — № 1. — С. 83-89.
9. Офщшний сайт Мшстерства економiч-ного розвитку та торгiвлi Украши. URL: http://www.me.gov.ua
10. Офiцiйний сайт Державно! служби статистики Украши URL: http://www.ukrstat.gov.ua/
11. Погорелова Т. В. Статистичш аспекти оцiнювання прямих iноземних iнвестицiй в Украшу / Т. В. Погорелова, Т. С. Корольова // Методолопя статистичного забезпечення розвитку регiону: мо-нографiя / за заг. ред. канд. економ. наук, професора А. З. Шдгорного. - Одеса: Атлант, 2012. - С. 72-92.
12. Сидор Г.В., Давидовська Г.1. 1нвестицшна привабливiсть репошв / Г.В. Сидор, Г.1. Давидовська // Сталий розвиток економши економжа. -2015. - № 2. - С. 184-189.
13. Туболець I. I. Чинники формування швес-тицшно1 привабливостi регiону / I. I. Туболець // 1н-вестицп: практика та досвiд. — 2008. — 20. — С. 9-11.
DEVELOPMENT OF RISK THEORY IN CYBERSPACE: MORPHOLOGICAL APPROACH TO THE
DEFINITION OF CONCEPTS
Chernyakov M.,
doctor of Economics Novosibirsk State Technical University Novosibirsk, Russia ORCID: 0000-0002-9837-4849 Tyukineeva M.,
Novosibirsk State Technical University Novosibirsk, Russia Akberov K., Associate Professor of Economics Novosibirsk State University of Economics and Management
Novosibirsk, Russia ORCID: 0000-0002-9046-417X Shelepov E.,
Siberian Institute of Management of the Russian Presidential Academy of National Economy and Public
Administration Novosibirsk, Russia Samyshkin A.
Siberian Institute of Management of the Russian Presidential Academy of National Economy and Public
Administration Novosibirsk, Russia
ABSTRACT
In the modern world, there is no precise definition of the term "cyberspace", but everyone understands that it is a space associated with various computer systems and technologies, as well as the risks and crimes associated with it. The purpose of this study is to implement the first stage in the field of cybersecurity - the development of a unified terminology of cyberspace and cybersecurity, harmonized with the existing terminology in the field of information security. The article offers a morphological approach to the consideration of the concept of cyberspace and cybersecurity.
Keywords: risk, cybersecurity, cyberspace, cyberattack, cybercrime.
Introduction. n the modern world, there is no precise definition of the term "cyberspace", but everyone understands that this is a space associated with various computer systems and technologies.
It is impossible to build an effective cybersecurity system without conducting a systematic analysis and
obtaining assessments of the application of certain measures. It seems appropriate to include the main areas of research in the field of cybersecurity [1, 3-6], the classification of which is shown in Figure 1.
Approaches to cyberspace research
development of a unified terminology of cyberspace and cybersecurity, harmonized with the existing terminology in the field of information security, development of a comprehensive system of indicators covering all aspects of the functioning of cyberspace and ensuring its protection from possible threats.
Cyberspace models
assessment of the degree of information security threats, risk analysis of the digital economy, assessment of the effectiveness of protection measures.
analysis of the topological structure and development of recommendations for its change, methods and specific algorithms for their implementation; new methods of cryptographic protection based not only on purely computational mechanisms for implementing durability, but also on taking advantage of a multi-connected communication architecture and a large number of decent users;
methods of information security based on social services for countering cyber attacks using special procedures for analyzing group behavior.
- methods of intelligent user identification;
- intelligent methods to prevent virus and other attacks;
- intelligent methods for detecting attacks and infiltrations;
- methods of situational analysis of the state of information security;
- new methods of cryptographic protection based on neural network technologies.
Figure 1-Cybersecurity Research Package
The purpose of this study is to implement the first stage in the field of cybersecurity - the development of a unified terminology of cyberspace and cybersecurity, harmonized with the existing terminology in the field of information security.
Methodology. The study uses morphological analysis as an effective way to solve system problems that require an original solution; it is based on classification, which allows you to systematize the material, make it visual and accessible. In this method, all possible elements of definitions are determined, on which the formulated term may depend, the possible values of these elements are listed and ranked, and then the process of generating alternatives to concepts begins by iterating through all possible combinations of these values. Morphological analysis is used to compile a list of definitions of all possible terms, expanding the conceptual framework of risks, threats and crimes in cyberspace.
Results and discussion. Dobrinskaya D. E. defines cyberspace as the space of functioning of information and communication technology products that
allow creating extremely complex systems of agent interactions in order to obtain information, exchange and manage it, as well as to carry out communications in the conditions of many different networks [10].
According to A. A. Danelyan, "cyberspace" is a combination of computers, mobile devices and users who interact with each other at a distance. The Internet, in turn, is used to connect these computers and mobile devices. Cyberspace is wider than the Internet, the Internet is in cyberspace. In modern conditions, cyberspace is becoming the main channel for the dissemination and storage of information [9].
Brett Williams talks about cyberspace as a man-made domain created when we connect all the computers, switches, routers, fiber-optic cables, wireless devices, satellites, and other components that allow us to move large amounts of data at very high speeds [8].
The U.S. Presidential National Security Directive defines cyberspace as an interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries [13].
The US military defines cyberspace in different ways [2]:
- глобальная a global domain in the information environment consisting of an interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers;
- an area characterized by the use of electronics and the electromagnetic spectrum for storing, modifying, and exchanging data through network systems and associated physical infrastructures;
- an operational domain whose distinctive and unique character is determined by the use of electronics and the electromagnetic spectrum to create, store, modify, exchange and use information through interconnected information and communication technology (ICT)-based systems and related infrastructures;
- an environment created by the fusion of cooperative networks of computers, information systems, and telecommunications infrastructures, commonly referred to as the Internet and the World Wide Web.
Morphological analysis has shown that the following terms are mentioned in the above-mentioned definitions: space-11 times, computer systems - 10, information and information - 7, Internet and networks-6, infrastructure and technologies-5 times, and the phrase-infrastructure of information technologies including Internet telecommunications networks-3 times.
From the above definitions of the term, we can say that "cyberspace" is the space of information technology infrastructures, including Internet telecommunications networks and computer systems that store large amounts of data.
To understand further terminology, it is necessary to understand what the term "cyberattack" is. On the Internet, this concept is defined in articles on the websites of software organizations, where, unfortunately, the authors of the articles are not listed. So, "cyberattack" is interpreted as:
- an attack that cybercriminals launch using one or more computer systems against other individual or multiple computers and networks [24]; malicious, a deliberate attempt by a person or organization to break into the information system of another person or organization. As a rule, by disrupting the victim's network, the hacker seeks to gain benefits [25];
- an attack initiated by a computer against a website, computer system, or individual computer (collectively referred to as a computer) that compromises the confidentiality, integrity, or availability of the computer or the information stored on it [26];
- when someone tries to shut down computers, steal sensitive data, or use a compromised computer system to launch other cyberattacks [21];
Abi Tjas Tunggal defines a cyberattack as an attempt to disable computers, steal data, or use a compromised computer system to launch additional attacks [18].
Dan Daniels, in his article, says that a cyberattack is basically any illegal or unauthorized attempt to break into computers or computer networks with the intent to
steal, destroy, share, or otherwise exploit existing digital assets [19].
Morphological analysis showed that the frequency of mention in the above-mentioned definitions of "cyber attack" includes the following terms: computer-17 times, attack-4, hacking, theft, destruction, use 3 times.
Thus, we can conclude that a cyberattack is an attack in cyberspace aimed at computer systems, with the aim of hacking them, stealing, destroying, using the data stored there, and creating additional attacks.
There are a large number of different cyber attacks, and every year there are only more of them, as the development of technological progress, of course, contributes to the activation of cybercriminals.
At the moment, there are a few definitions of the term "cybercrime", since this terminology appeared several decades ago and is considered relatively new, although the term itself is quite actively used by the media. Let's consider several interpretations of the term "cybercrime".
To date, only the legislation of the Republic of Kazakhstan contains a definition of information crime (cybercrime) - a type of criminal crime that implies criminally punishable acts committed using information technologies [8].
Karpova D. N. in her article considers cybercrime as an act of social deviation with the aim of causing economic, political, moral, ideological, cultural and other types of damage to an individual, organization or state through any technical means with Internet access [11].
Sakrutina E. A. and Kalashnikov A. O. say that cybersecurity can be defined as an activity, process, ability, capability, or state in which information and communication systems and the information contained therein are protected from damage, unauthorized use or modification, or exploitation [14].
Esteban Borges defines cybercrime as " a crime committed on the Internet, on local networks, or even against isolated computers." In his opinion, cybercrime also refers to any activity where a crime is committed using any computer system [17].
Kaspersky Academy gives two definitions of cybercrime:
1) actions organized by one or more attackers in order to attack the system in order to disrupt its operation or to gain financial benefits [2];
2) criminal activity, the purpose of which is the misuse of a computer, computer network or network device [2].
The University Module series: Cybercrime of the Doha Declaration: Promoting a Culture of Rule of Law defines the term as follows: Cybercrime is an act that violates the law, which is committed using information and communication technologies (ICTs) and either targets networks, systems, data, websites and/or technologies, or contributes to the commission of a crime [2]. In our opinion, this definition is the most complete, concise, accurate and conveys the essence of what "cy-bercrime"is.
Morphological analysis has shown that the following terms are mentioned in the above - mentioned definitions of "cybercrime": criminal and crimes - 17 times, data, networks and systems - 7, information and information-7, technologies-6, information and defini-tions-5 times.
Thus, it can be concluded that cybercrime is a cyberattack in cyberspace that violates the law, which is committed using information and communication technologies (ICTs) and either targets networks, systems, data, websites and/or technologies, or contributes to the commission of a crime.
Countering cybercrime is carried out by cybersecurity. Presidential Directive on National Security 54 / National Security Presidential Directive 23 (NSPD-54/HSPD-23) defines cybersecurity as the prevention of damage, protection and recovery of computers, electronic communication systems, electronic communication services, wired communications and electronic communications, including the information contained therein, to ensure its availability, integrity, authentication, confidentiality and non-repudiation of authorship [13].
Kuzmovich A.V. understands cybersecurity as a set of measures aimed at protecting computers, digital data and their transmission networks from unauthorized access, and other actions related to manipulation or theft, blocking, damage (distortion), destruction and destruction, both intentional and accidental [12].
Juliana De Groot defines cybersecurity as " a collection of technologies, processes, and methods designed to protect networks, devices, programs, and data from attacks, damage, or unauthorized access. Cyber-security can also be called information technology security" [23].
Abi Tjas Tunggal says that this is "the state or process of protecting and restoring computer systems, networks, devices, and programs from any type of cyberat-tack" [26].
Viswanath V. S. notes in his article that cyberse-curity is " a practice that protects systems, networks, equipment, and sensitive data from malicious cyberat-tacks. This is also commonly referred to as information technology (IT) security" [22].
Morphological analysis has shown that the following terms are used in the above definitions in terms of frequency: security-13 times, protection, systems, net-works-4, technologies, recovery, data, devices, pro-grams-3.
Thus, we can say that cybersecurity is a set of technologies aimed at preventing cyberattacks, protecting and restoring systems, networks, devices, programs and data from cybercrime.
As a result of the analysis, a conceptual framework was formulated, including the author's definitions given in Table 1, which characterize cyberspace as the sphere of committing economic crimes and countering them.
Table 1
The conceptual apparatus of cyberspace as a sphere of committing and countering economic crimes
The term Definition the
Cyberspace space of information technology infrastructures, including the Internet telecommunications networks and computer systems that store large amounts of data an
Cyber attack attack in cyberspace aimed at computer systems, with the aim of hacking them, stealing, destroying, using the data stored there, and creating additional attacks.
Cybercrime a cyberattack in cyberspace that violates the law, which is carried out using information and communication technologies (ICTs) and either targets networks, systems, data, websites and / or technologies, or contributes to the commission of a crime
Cybersecurity a set of technologies aimed at preventing cyber attacks, protecting and restoring systems, networks, devices, programs and data from cybercrime
Conclusion. The proposed author's definitions allow us to structure the conceptual apparatus into a system necessary for studying the possibility of countering economic crimes committed in the information and communication sphere of activity.
The article was prepared with the financial support of the Novosibirsk State Technical University (project C21-11).
References
1. Bezkorovayny M. M., Tatuzov A. L. Cybersecurity approaches to the definition of the concept // Cybersecurity issues.- №1 (2).- С. 22-27. URL: https://cyberleninka.ru/article/n/kiberbezopasnost-podhody-k-opredeleniyu-ponyatiya (дата обращения: 28.05.2021).
2. Briefly about cybercrime [Electronic resource]. URL: https://www.unodc.org/e4j/ru/cybercrime/module-1/key-issues/cybercrime-in-brief.html
3. Chernyakov M. K. Classification of risks of digital economy / M. K. Chernyakov, M. M. Chernyakova // Financial Economics. - 2018. - № 6. - P. 384-389.
4. Chernyakov M. K. Development of the theory of financial stability in the theory of risks / M. K. Chernyakov, S. M. Tereshchenkova, K. Ch. Akberov, I. Yu. Khramtsova // Annali d'Italia, 2021, 19(2). - P. 3-8
5. Chernyakov M. K. Innovative risks of digital economy / M. K. Chernyakov, M. M. Chernyakova / / National Priorities of Russia. - 2018. - № 4 (31). - P. 63-68.
6. Chernyakov M. K. Technological risks of the digital economy [Electronic resource] / M. K. Chernyakov, M. M. Chernyakova // Journal of Corporate Finance Research. - 2018. - Vol. 12, № 4. - C. 99109. - Mode of access: https://cfjournal.hse.ru/arti-cle/view/8132. - Title from screen - DOI: 10.17323/j.jcfr.2073-0438.12.4.2018.99-109.
7. Cyberattacks-definition, types, prevention [Electronic resource]. URL:
https://techarks.ru/security/vredonos/kiberataki-opredelenie-vidy-profilaktika/
8. Cyberspace: What is it, where is it and who cares? [Electronic resource]. URL: http://armed-forcesjournal.com/cyberspace-what-is-it-where-is-it-and-who-cares/
9. Danelyan A. A. "International legal regulation of cyberspace" [Electronic resource]. URL: https://cyberleninka.ru/article/n/mezhdunarodno-pravovoe-regulirovanie-kiberprostranstva
10. Dobrinskaya D. E. "Cyberspace: the territory of modern life" [Electronic resource]. URL: https://cyberleninka.ru/article/n/kiberprostranstvo-ter-ritoriya-sovremennoy-zhizni
11. Karpova D. N. "Cybercrime: a global problem and its solution" [Electronic resource]. URL: https://eli-brary.ru/item.asp?id=21838785#:~:text=Cyber-crime%20-%20this%20act%20social, means%20c%20davailable%20b%20Internet
12. Kuzmovich A.V. "Cybersecurity and its legal support in the XXI century" [Electronic resource]. URL: https ://izron. ru/articles/aktualnye-problemy-obshchestvennykh-nauk-v-rossii-i-za-rubezhom-sbornik-nauchnykh-trudov-po-itogam-m/sektsiya-9-politicheskie-instituty-protsessy-i-tekhnologii-spetsialnost-23-00-02/kiberbezopasnost-i-eye-pravovoe-obespechenie-v-xxi-veke/
13. National security Presidential di-recfive/NSPD-54 Homeland security Presidential di-rective/hspd-23 [Electronic resource]. URL: https://fas.org/irp/offdocs/nspd/nspd-54.pdf
14. Sakrutina E. A., Kalashnikov A. O. "Analysis of cybersecurity of a significant object of critical information infrastructure" [Electronic resource]. URL: https://mlsd2020.ipu.ru/proceedings/1445-1452.pdf
15. The Eurasian Group on Combating Money Laundering and Terrorist Financing: A draft typological study on Cybercrime and Money laundering [Electronic resource]. URL: (accessed on )
16. Tips for protecting against cybercriminals [Electronic resource]. URL: https://www.kaspersky.ru/resource-center/threats/what-is-cybercrime
17. Types of Cybercrime and How to Protect Yourself Against Them [Electronic resource]. URL: https://securitytrails.com/blog/types-of-cyber-crime
18. What is a Cyber Attack? [Electronic resource]. URL: https://www.upguard.com/blog/cyber-attack
19. What Is a Cyber Attack? How to Stay Safe from Cyber Threats [Electronic resource]. URL: https://blog.gigamon.com/2019/07/09/what-is-a-cyberattack-how-to-stay-safe-from-cyberthreats/
20. What is a cyberattack? [Electronic resource]. URL:
https://www.cisco.com/c/ru_ru/products/security/com mon-cyberattacks.html
21. What is Cyber Security? [Electronic resource]. URL: https://mindmaj ix.com/what-is-cyber-security
22. What is Cyber Security? [Electronic resource]. URL: https://mindmaj ix.com/what-is-cyber-security
23. What is Cyber Security? Definition, best practices and more [Electronic resource]. URL: https://dig-italguardian.com/blog/what-cyber-security
24. What is Cybersecurity [Electronic resource]. URL: https://www.eccu.edu/what-is-cybersecurity/
25. What is cybersecurity? [Electronic resource]. URL: https://www.kaspersky.ru/resource-center/defi-nitions/what-is-cyber-securityCyberspace [Electronic resource]. URL: https://itlaw.wikia.org/wiki/Cyber-space
26. Why is Cybersecurity Important? [Electronic resource]. URL: https://www.upguard.com/blog/cybersecurity-important
