ANALYSIS OF EXISTING METHODS, MODELS, SYSTEMS AND TOOLS USED TO ASSESS INFORMATION SECURITY IN THE CORPORATE ENVIRONMENT, TAKING INTO ACCOUNT SPECIFIC THREATS

DOI: 10.31673/2409-7292.2025.041201

Authors

  • В. П. Шульга (Shulga V.P.), State University of Information and Communication Technologies, Kyiv
  • Є. В. Іванченко (Ivanchenko Ye.V.), State University of Information and Communication Technologies, Kyiv
  • Т. В. Берестяна (Berestyana T.V.), State University of Information and Communication Technologies, Kyiv
  • А. С. Роженко (Rozhenko A.S.), State University of Information and Communication Technologies, Kyiv

Abstract

The article provides a comprehensive review and systematic analysis of modern methods, models, systems and tools used to assess the level of information security in a corporate environment. Both traditional and innovative approaches to identifying and eliminating vulnerabilities are considered, with an emphasis on adaptability to the rapidly changing digital landscape. Particular attention is paid to specific threats inherent in various business sectors, in particular insider threats, targeted cyberattacks, social engineering methods, supply chain attacks, etc. The paper analyzes the advantages and limitations of existing solutions and proposes efficiency criteria for assessing the level of security of information systems in corporate structures. Special attention is also given to the integration of a security event monitoring system with automated response tools, which significantly increases the efficiency and accuracy of incident handling. Also important are the prospects for using artificial intelligence and machine learning to predict cyber threats and build dynamic risk models. Based on the research, practical recommendations are formulated for choosing the optimal approach to assessing information security, taking into account the specifics of the IT infrastructure, the scale of the company, the industry and available resources. The presented results can be used as a basis for developing cyber protection strategies under conditions of increased threat to information assets.

Keywords: information security, corporate network, risk assessment, cyber threats, insider attacks, cloud technologies, protection models, security monitoring, machine learning, information risk management.

Published

2025-12-25

Section

Articles