Criticality assessment of critical information infrastructure objects: A category based methodology and ukrainian experience

Abstract

The paper outlines the basic principles and assumptions used to assess the criticality of critical infrastructure object (CIO) and critical information infrastructure objects (CIIO). Methods for assigning critical information infrastructure objects to the criticality levels are described. The sequence of carrying out the criticality assessment of CIOs is provided. The recommendations concerning evolving regulation in the field of critical information infrastructure objects protection are given. According to the results of the research, several drafts of the Ukrainian state-level normative documents were developed such as “Classification of critical information infrastructure objects by severity (criticality)” and “Criteria and procedure for assigning critical information infrastructure objects to one of the significance (criticality)”. The implementation of the developed documents is an important step in the construction of the Ukrainian state system of protection of critical information infrastructure.