The article examines the current state of cyber resilience in data cybersecurity management at financial organizations. It establishes that the cyber activity of fraudsters has increased many times over in all spheres of the Russian economy, especially in the activities of financial organizations. Protecting data in this sector requires developing and implementing a concept of cyber resilience that covers not only methods of preventing attacks but also preparation for them, a thorough and comprehensive analysis of the mistakes made, and restoration of the financial organization's automated management system. To avoid negative consequences, it is advisable to focus on developing a continuous cycle of cyber resilience while improving the financial organization's holistic cybersecurity risk management system. The article also establishes that in many financial organizations the IT quality management, cybersecurity management and business continuity management systems interact in contradictory ways on their common processes of risk, problem and incident management, training and awareness raising. This makes it difficult to respond in time to cross-block incidents that have a key impact on the confidentiality, integrity and availability of information. The article proposes using the developed concept of achieving cyber resilience as a target state of the organization in five steps. The concept is based on synchronized action and synergy between IT and IS experts in developing a reliable IT infrastructure with a high level of security and fault tolerance of the financial organization's cybersecurity management system.
financial sector, cyber-attacks, cyber incident, concept, cyber resilience, privacy, risk management, assessment.