Article

Received 10.02.2026

Revised 21.02.2026

Accepted 26.03.2026

Published 07.04.2026

Retrieved from Iss. 119, 2026

Pages 383 -393

Dobrovolska, A., & Dereguz, I. (2026). SYSTEMATIZATION AND ASSESSMENT OF INFORMATION SECURITY RISKS IN LOGISTICS SERVICE SYSTEMS. Automobile Roads and Road Construction, 119(1), 383-393. https://doi.org/10.33744/0365-8171-2026-119-383-393

SYSTEMATIZATION AND ASSESSMENT OF INFORMATION SECURITY RISKS IN LOGISTICS SERVICE SYSTEMS

Anna Dobrovolska Igor Dereguz

The relevance of the study is due to the need to increase the effectiveness of information security risk management in logistics service systems by developing and practical implementation of a mechanism for their assessment and management, taking into account the cause-and-effect relationships between vulnerabilities and threats and the impact of their consequences on the functioning of transport systems. The purpose of the article is to systematize and improve approaches to assessing information security risks in transport logistics systems by developing and practical implementation of a risk management mechanism in transport service systems, which is based on establishing cause-and-effect relationships between vulnerabilities and threats, assessing the probability of their occurrence and the level of consequences, as well as forming justified response measures based on a matrix approach. The article considers theoretical and methodological aspects of assessing information security risks in logistics service systems, approaches to their systematization by levels of probability and consequences, as well as the features of establishing cause-and-effect relationships between vulnerabilities and threats. A mechanism for managing information security risks in logistics service systems is proposed, which is based on a categorical model of relationships between threats and vulnerabilities, involves the use of a matrix of consequences for assessing risks and developing justified measures to minimize them, and is also tested on the example of a transport enterprise. Based on the results of the assessment, the distribution of risks by significance levels is determined and response measures are developed. The effectiveness of the proposed approach is confirmed by the consistency of expert assessments and the improvement of the integral indicator of risk management effectiveness

risk management and assessment, risk management in logistics service systems, risk assessment process, systematization of the risk assessment process, information security risk management mechanism in transport service systems

1. Smerichevskyi, S., Mykhalchenko, O., Poberezhna, Z., Kryvovyazyuk, I. (2023). Devising a systematic approach to the implemen-tation of innovative technologies to provide the stability of transportation enterprises. Eastern-European Journal of Enterprise Technologies, 3 (13 (123)), 6–18. https://doi.org/10.15587/1729-4061.2023.279100

2. Floreale, G., Baraldi, P., Lu, X., Rossetti, P., Zio, E. (2024). Sensitivity analysis by differential importance measure for unsupervised fault diagnostics. Reliability Engineering & System Safety, 243, 109846. https://doi.org/10.1016/j.ress.2023.109846

3. Coit, D. W., Zio, E. (2019). The evolution of system reliability optimization. Reliability Engineering & System Safety, 192, 106259. https://doi.org/10.1016/j.ress.2018.09.008

4. Sultana, S., Salon, D., Kuby, M. (2021). Transportation sustainability in the urban context: a comprehensive review. Geographic Perspectives on Urban Sustainability, 13–42. https://doi.org/10.4324/9781003130185-2

5. Shahjee, D., Ware, N. (2022). Integrated Network and Security Operation Center: A Systematic Analysis. IEEE Access, 10, 27881–27898. https://doi.org/10.1109/access.2022.3157738

6. Dubois, D. (2010). Representation, Propagation, and Decision Issues in Risk Analysis Under Incomplete Probabilistic Information. Risk Analysis, 30 (3), 361–368. https://doi.org/10.1111/j.1539-6924.2010.01359.x

7. Fertis, A., Baes, M., Lthi, H.-J. (2012). Robust risk management. European Journal of Operational Research, 222 (3), 663–672. https://doi.org/10.1016/j.ejor.2012.03.036

8. Joshi, N. N., Lambert, J. H. (2011). Diversification of infrastructure projects for emergent and unknown non-systematic risks. Journal of Risk Research, 14 (6), 717–733. https://doi.org/10.1080/13669877.2011.553733.

9. Maselli, G., Macchiaroli, M. (2020). Tolerability and Acceptability of the Risk for Projects in the Civil Sector. Smart Innovation, Systems and Technologies, 686–695. https://doi.org/10.1007/978-3-030-48279-4_64

10. Reinert, J. M., Apostolakis, G. E. (2006). Including model uncertainty in risk-informed decision making. Annals of Nuclear Energy, 33 (4), 354–369. https://doi.org/10.1016/j.anucene.2005.11.010

11. Shapiro, A. (2013). On Kusuoka Representation of Law Invariant Risk Measures. Mathematics of Operations Research, 38 (1), 142–152. https://doi.org/10.1287/moor.1120.0563

12. Vanem, E. (2012). Ethics and fundamental principles of risk acceptance criteria. Safety Science, 50 (4), 958–967. https://doi.org/10.1016/j.ssci.2011.12.030

13. Zsidisin, G.A. (2003). A grounded definition of supply risk. Journal of Purchasing and Supply Management, 9 (5-6), 217–224. https://doi.org/10.1016/j.pursup.2003.07.002

14. Andersson, A., Hedstrm, K., Karlsson, F. (2022). Standardizing information security – a structurational analysis. Information & Management, 59 (3), 103623. https://doi.org/10.1016/j.im.2022.103623

15. The NIST Cybersecurity Framework 2.0 (2023). National Institute of Standards and Technology. https://doi.org/10.6028/nist.cswp.29.ipd

16. Kitsios, F., Chatzidimitriou, E., Kamariotou, M. (2022). Developing a Risk Analysis Strategy Framework for Impact Assessment in Information Security Management Systems: A Case Study in IT Consulting Industry. Sustainability, 14 (3), 1269. https://doi.org/10.3390/su14031269

17. Melnichenko, O., Ignatenko, O., Dmytrychenko, A., Dereguz, I. (2023). Logistics management of the system for providing transpor-tation services to the population: anti-crisis aspect. The National Transport University Bulletin, 1 (55). https://doi.org/10.33744/2308-6645-2023-1-55-200-210 [in Ukrainian]

18. Dobrovolska А., Dobrovolskiy О., Derehuz І. Development of a scientific-methodical approach to the systematization of the risk assessment process in logistics service systems // Multidisciplinární mezinárodní vědecký magazín “Věda a perspektivy” je registrován v České republice. Státní registrační číslo u Ministerstva kultury ČR: E 24142. № 9(52) 2025. str. 185-196. https://doi.org/10.52058/2695-1592-2025-9(52)-185-196

19. Khrutba, V., Kharchenko, A., Khrutba, Y., Kolbasin, M., Tsybulskyi, V., Silantieva, I., & Lysak, R. Applying a design mindset to develop a prototype of an electronic service for assessing the impact on the environment. Eastern-European Journal of Enterprise Technologies, 2022. Vol. 4. No. 2 (118), Р. 6-15. https://doi.org/10.15587/1729-4061.2022.262356

https://doi.org/10.33744/0365-8171-2026-119-383-393