Risk-based approach for protecting critical infrastructure facilities: specifics of application by law enforcement agencies
DOI:
https://doi.org/10.56294/saludcyt20251793Keywords:
critical infrastructure, law enforcement agencies, risk, risk-based approach, threatAbstract
Introduction: the purpose of this article is to examine the specifics of the use of risk-based approach by some law enforcement agencies of Ukraine, in particular, when protecting critical infrastructure, and to develop recommendations for improving this process.
Methods: the following methods were used in the course of the research: method of theoretical generalization; monographic; methods of induction and deduction; methods of structural, logical and semantic analysis; system and structural; dialectical.
Results: it is proved that the risk-based approach always deals with probable categories, calculations of possible impact and works to prevent the threat from materializing, minimize its impact or minimize the consequences. The authors offer their own vision of the model for applying a risk-based approach in protecting critical infrastructure facilities, which consists of the indicated stages. In their view, the very idea, main goal, and content of RBA in ensuring CI security presuppose its application in 3 interconnected spheres (the security sphere; counterintelligence and operational-search activities; pre-trial investigation system) of law enforcement activity to form a complete system.
Conclusions: the advantages of applying RBA in fighting the threats to critical infrastructure are highlighted.
References
1. FATF. FATF Recommendations; 2025. https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/FATF%20Recommendations%202012.pdf.coredownload.inline.pdf
2. Federation of European Risk Management Associations. About us; 2025. https://ferma.eu/about-ferma/
3. Committee of Sponsing of the Treadway Commission. About us; 2025. https://www.coso.org/about-us
4. LLC "INTERSERT-UKRAINE". ISO 31000 series of standards. Risk management; 2025. https://intercert.com.ua/articles/regulatory-documents/311-iso-31000-risk-management
5. ISO. ISO 31000:2018 Risk management — Guidelines; 2018. https://zakon.isu.net.ua/sites/default/files/normdocs/dstu_iso_31000_2018.pdf
6. Mokhor V, Bogdanov O, Kruck O, Tsurkan V. An attempt to localize ISO Guide 73:2009 "Risk Management-Vocabulary". Ukrainian Scientific Journal of Information Security. 2012; 2 (18): 12-22. https://doi.org/10.18372/2225-5036.18.3421
7. Kulyk H. Standardization of risk management: public administration aspect. Theory and practice of public administration. 2012; 2 (37): 103 – 111.
8. Nekrasov V, Katamadze H. Risk-based approach (RBA) in the activities of law enforcement agencies. In: Realization of the philosophy of “intelligence-led policing” in the criminal analysis system of the National Police of Ukraine. Kyiv: “Vait”; 2024: 311 – 341. 10.36486/978-966-2310-66-5-25
9. Law of Ukraine of December 06, 2019 No. 361-IX “On Prevention and Counteraction to Legalization (Laundering) of Criminal Proceeds, Terrorist Financing and Financing of Proliferation of Weapons of Mass Destruction”. https://zakon.rada.gov.ua/laws/show/361-20#Text
10. Law of Ukraine of October 14, 2014 No. 1702-VII “On Prevention and Counteraction to Legalization (Laundering) of Proceeds of Crime, Financing of Terrorism and Financing of the Proliferation of Weapons of Mass Destruction” (expired). https://zakon.rada.gov.ua/laws/show/1702-18#Text
11. Resolution of the Board of the National Bank of Ukraine of May 19, 2020 No. 65 “Procedure for Banks to Conduct Financial Monitoring”. https://zakon.rada.gov.ua/laws/show/v0065500-20#Text
12. Law of Ukraine of June 21, 2018 No. 2473-VIII “On Currency and Currency Transactions”. https://zakon.rada.gov.ua/laws/show/2473-19#Text
13. Resolution of the Board of the National Bank of Ukraine of January 2, 2019 No. 8 “Regulation on the Procedure for Authorized Institutions to Analyze and Verify Documents (Information) on Currency Operations”. https://bank.gov.ua/ua/legislation/Resolution_02012019_8
14. FATF clarifies risk-based approach: case-by-case, not wholesale de-risking. FATF; 2024. https://www.fatf-gafi.org/en/publications/Fatfgeneral/Rba-and-de-risking.html
15. Law of Ukraine of January 28, 2021 No. 1150-IX “On the Economic Security Bureau of Ukraine”. https://zakon.rada.gov.ua/laws/show/1150-20#Text
16. Order of the Economic Security Bureau of Ukraine of January 02, 2023 No. 36 “On the approval of the Procedure for the application of a risk-oriented approach in the Bureau of Economic Security of Ukraine”. https://zakon.rada.gov.ua/laws/show/z0350-23#Text
17. Draft Law of Ukraine of October 26, 2020 No. 3196-d “On Amendments to the Law of Ukraine “On the Security Service of Ukraine” to Improve the Organizational and Legal Framework of the Security Service of Ukraine”. http://w1.c1.rada.gov.ua/pls/zweb2/webproc4_1?pf3511=70243
18. Racketeer Influenced and Corrupt Organizations Act (RICO). Wex Definitions Team; 2023. https://www.law.cornell.edu/wex/racketeer_influenced_and_corrupt_organizations_act_(rico)
19. Hwang Y-W, Lee I-Y, Kim H, Lee H, Kim D. Current Status and Security Trend of OSINT. Wireless Communications and Mobile Computing. 2022; 2022: 1–14. https://doi.org/10.1155/2022/1290129
20. Șandor A. An Intelligence Perspective on Privacy and Data Protection Risks in social media. International conference KNOWLEDGE-BASED ORGANIZATION. 2020; 26(1): 151–156. https://doi.org/10.2478/kbo-2020-0023.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Khoronovskyi Oleg, Drozd Oleksii , Shevchenko Tetiana, Semeniuk Oleksandr, Samorai Oleh (Author)
This work is licensed under a Creative Commons Attribution 4.0 International License.
The article is distributed under the Creative Commons Attribution 4.0 License. Unless otherwise stated, associated published material is distributed under the same licence.
