“Evaluating the threat to national information security”

An effective strategy for managing the national information security with capabilities to resist information threats significantly impacts its further development. This study aims to assess the level of threat to the information security of countries based on the integral index. It is proposed to use five indicators characterizing individual areas of information security and 37 world development indicators, selected from the World Bank database. Correlation analysis selected 12 out of 37 development indicators relevant to security indicators for which the correlation coefficient exceeded 0.5 or –0.5. The Harrington-Mencher function is proposed to determine the information security threat index. Nonlinear normalization was carried out to bring the initial data to a comparable measurement. Canonical analysis was performed to determine the indicator weights. The data from 159 countries were taken for 2018 to assess the index. The result was presented on the map showing countries’ distribution by the information security threat index, thus forming five groups. The group with a “very well” resistance to threats includes economically developed countries with a high level of information security. The “well” group was formed by new industrial and developing countries with economic potential sufficient to prevent information threats and combat their consequences. The information security level in developing countries, where the results of overcoming information threats will affect the economic sphere, is defined as “acceptable”. Countries with a low level of development and information security formed groups designated as “bad” and “very bad”, which indicates a high level of threats to their information security.


INTRODUCTION
No sphere of human activity is carried out without digital and computer technologies, caused by the critical growth of information that requires processing, analysis, and effective use. On the other hand, increased information flows generate the risk of using information for criminal purposes. At the national level, this can lead to information wars, cyber-terrorist operations to steal classified information, the disclosure of personal data of clients of companies, banks, etc. As a result, such actions can violate the balance of social attitudes in society, the balance of political forces, can lead to financial losses for large companies, change the attitude of international funds, organizations, and investors towards cooperation with such countries. As a result, there is a decrease in government administration efficiency, which leads to the inhibition of its development.
The issues related to information security are relevant not only for government agencies but also for business entities and the country's population. Accordingly, the consequences of information wars, cyber terrorism, massive hacker attacks, and other threats can affect the country as a whole and an individual or a company. The results of

LITERATURE REVIEW
Scientists from all over the world are researching information security issues. To analyze their scientific works, a bibliometric map was constructed based on papers from the Scopus database (Scopus, 2020) using the VOSviewer software product (VOSviewer, 2020). The map was constructed based on the clusters of keywords used in scientific publications and related to information security and economics ( Figure 1).

Figure 1. Bibliometric map constructed based on keywords from publications on the Scopus database
The map shows 7 clusters of publications ( Figure  1), each highlighted in a different color. The red cluster is formed by studies highlighting a wide range of general issues related to information security. They include those devoted to the development of economics, law, standardization, and the development of strategies in this area. Thus, Topa and Karyda (2019) provide guidance on developing standards to improve its information security management practices. Kosevich (2020) offers examples of information security strategies that consider the specifics of the country's development. Dincelli (2018) highlights the impact of cultural differences on information security and the development of an appropriate strategy to combat information threats. Negative consequences in the information environment and violation of the national political stability can cause external political conflicts (Kirilenko & Alexeyev, 2018). As part of the emergence of internal conflicts, the persecution of freedom of speech can pose a threat to the country's information security, which requires a review of legal aspects (Omirzhanov et al., 2017). Park (2019) also notes that legislation's ineffectiveness is one of the reasons for the violation of information security within the state by business entities.
The green cluster ( Figure 1) reflects research related to blockchain technology, artificial intelligence, cryptography, cloud technology, knowledge management, etc. This cluster explores the possibilities of various modern technologies for information protection in economics, finance, and management. Klyaus and Gatchin (2020) suggest using the mathematical model for information security controls optimization and evaluating the information security systems' effectiveness using the gradient method. Fuzzy logic method can be used to protect personal data (Dorosh, Voitsekhovska, & Balchenko, 2019). For more complex systems, Schmitz and Pape (2020) recommend using comprehensive approaches, one of which is a lightweight, domain-specific framework to support information security decision-making. One of the promising methods may be blockchain technology (Warkentin & Orgeron, 2020). Brožová, Šup, Rydval, Sadok, and Bednar (2016) apply the semantic network to develop a decision-making network and network process that considers qualitative and quantitative data.
The blue cluster ( Figure 1) concerns information security management, cybercrime, risk, and personal security research. It also covers works that highlight security issues for society and risk management issues related to cyber threat warnings. Within the framework of this cluster, the success factors of information security management of small and medium-sized enterprises are investigated, namely the compliance of information security management with the company's business activities, support of top management, security controls, and organizational awareness, with the emphasis on organizational awareness (Ključnikov, Mura, & Sklenár, 2019). Singh and Gupta (2019) also emphasize the importance of top management support, organizational information security culture, and proper monitoring system for information security management. As one of the effective information security management measures, Bekmuratov et al. (2020) proposed the concept of building an automated information security system at the enterprise.
The yellow cluster (Figure 1) reflects the research on information security management, policy, and investment. Publications of this cluster reveal the problems of information management and the development of appropriate measures. Thus, Frolova, Polyakova, Dudin, Rusakova, and Kucherenko (2018) highlight possible measures that ensure the management of the information security system at the micro and macro levels in the applied and legal aspect. The results of ineffective information security management at the national level can lead to a decrease in any state's investment attractiveness. As a result, this will negatively affect the development of the national economy, which is the subject of research by Cardholm (2015). Therefore, it is important to develop information security management programs, investment in which increases companies' value and creates a favorable investment climate in the country (Deane, Goldberg, Rakes, & Rees, 2019). Burke, Oseni, Jolfaei, and Gondal (2019) suggest using cybersecurity indices to measure it in the health care sector, Yunis and Koong (2015) -a comprehensive cybersecurity index that takes into account many factors. Jazri, Zakaria, and Chikohora (2018) focus on creating a cybersecurity improvement index. Popova, Korostelkina, Dedkova, and Korostelkin (2019) study the indicators of its development in the conditions of digitalization of the economy. In practice, to improve the efficiency of information security management in countries, several indicators are used that characterize certain areas of information security. They include the Global Cybersecurity Index, the National Cyber Security Index (e-Governance Academy Foundation, 2020), which allows assessing the priority areas needed to improve the national cybersecurity. These indicators are calculated according to different metrics and methods and show the country's rating among other states of the world. In contrast, the country may have radically different positions according to these indices, leading to difficulties in developing an information security strategy at the national level. It should be noted that the process of determining indicators related to information security does not take into account the aspect of the economic, social, and political development of the state. This is important for those cases when information security threats arise in the country, and knowledge of the development level will help develop a forecast of how the country will be able to quickly respond and recover after the information crisis.
The fifth cluster of publications (lilac) highlights the aspect of national security for the digital economy, i.e., reveals the issues of information protection and control in this area. Thus, Sonny (2011) examines the concept of national security in the context of its growing dependence on information technologies. Kshetri (2017) examines the imperatives of the US National Cyber Commission's Report on the Provision and Growth of the Digital Economy, which was developed in response to the rise in cyber threats.
The sixth and seventh clusters are small and reflect aspects of cyber threat detection systems, network security, data mining, and relate to e-commerce, i.e., they outline specific areas.
The analysis of research conducted by foreign scientists shows various approaches to the problem of information security. One can highlight the yellow cluster publications concerning the use of indexes in the framework of information security management strategies. However, the problem is that these indicators are used to evaluate certain areas of information security, such as cybersecuri-ty. Information security is a complex concept that covers security at the macro and micro levels, and also includes the legislative framework, agencies that ensure information security, software and hardware, security policy, and industry professionals. At the same time, its level is affected by the development of the country. Therefore, to assess the level of its threat, it is necessary to consider the complexity of this concept.

AIMS
This study aims to assess the level of threat to national information security based on the integral index, which considers the indicators of its development and information security.

Data collection
The integral index of the threat to the national information security is an indicator that summarizes, on the one hand, the characteristics inherent in the national information security system regarding its capabilities to prevent cyber threats, and, on the other hand, the characteristics that represent the development of the country. Therefore, it is important to consider both characteristics when calculating the index. That is why two groups of indicators were chosen. The first group was formed by indices used to assess individual areas of the national information security: Global Cybersecurity Index measures the level of cybersecurity for the member countries of the International Telecommunication Union; the National Cyber Security Index determines the level of readiness to counter cyber threats; ICT Development Index characterizes the level of development of information technologies in the country; the Networked Readiness Index measures the degree of a country's technological readiness to apply the latest information and communication technologies in various fields; Digital Development Level characterizes the level of digitalization of the country (e-Governance Academy Foundation, 2020). Each of these indicators is in-tegral and allows evaluating the state information security management system in terms of its software, technical, and information support.
Indicators from the World Bank database were studied to form the indicators of the second group (The World Bank, 2020). Applying the methods of scientific knowledge (analysis, synthesis and deduction) to the subject area, 37 indicators were selected that characterize the development of the country (see Appendix) and can affect information security. This enabled us to assume that there is a connection between the selected development indices and security indicators. To prove its presence or absence, a correlation analysis was carried out in the STATISTICA analytical package (StatSoft, 2020) for data from 159 countries up to 2018. The number of countries and the period is determined by the availability and completeness of data for each of the selected indicators in the World Bank and e-Governance Academy Foundation databases. The results of the correlation analysis are shown in Figure 2. Figure 2 shows the values of correlation coefficients for 37 selected indicators of the country's development in the context of five indices of information security. For further research, only relevant indicators should be selected for which the value of the correlation coefficient is approximately equal to or greater than 0.5 or -0.5, which will indicate a close relationship between the indicators. Thus, indicators 1, 2, 5, 8, 10, 11, 13, 14, 20, 26, 27, and 30 were selected according to this criterion and will be used to develop the integral index.

Research methodology
The calculation of the information security threat index includes the following stages.

Stage 1.
Normalization of the input data array for comparing different measured indicators. There are many normalization methods, but nonlinear normalization was chosen for the first stage, which more efficiently smoothes the data with dif-   4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29  The first type of the curve: S-shaped growth, symmetric curve:  The second type of the curve: S-shaped growth, asymmetric curve with rapid initial growth: y -any comparable pair within the same country within the same indicator.
The sixth type of the curve: S-shaped, falling, asymmetric curve with slow initial decline:    Table 1 are used.

RESULTS AND DISCUSSION
The proposed approach for determining the integral indicator of the threat to national information security was consistently implemented for the selected empirical data. Thus, at the first stage, applying formula (1), normalized data were obtained for indicators of development and security indicators after normalization using MS Excel. A fragment of the results is shown in Table 2.
In the second stage, the STATISTICA analytical package was used for a canonical analysis of the interdependence of security indicators and indicators of the country's development. The results are systematized in Table 3.
"Canonical R" column in Table 3 shows a strong relationship between security indicators and development factors, and for most factors (R ≥ 0.7), while the relationship is significant for "Life expectancy", "Mobile cellular subscriptions", and "Revenue, excluding grants" since 0.7 > R ≥ 0.5. Its statistical significance is confirmed by the high value of the Pearson test ("Chi-square" column), the significance level of which does not exceed  0.05 (p = 0.0000). The column "Total redundancy" presents the values of redundancy for indirect impact factors, which are explained by the variability of information security indicators. For example, the indicator "GDP per capita" by 52.21% is explained by changes in information security indicators, i.e., their variation leads to a change in GDP per capita by 52.21%. Since development factors influence the country's level of information security indirectly, the obtained values of variability will allow using them as weights of the impact of these indicators when calculating the integral indicator of information security.
At step 3.1, the statistical database indicators' normalized values were transformed into the dimensionless Harrington desirability scale using the formula (3). A fragment of the obtained data is shown in Table 4.
At step 3.2, for each component of the information security threat index, a graph is constructed, and the shape's analysis made it possible to determine the type of curve. As a result, 17 graphs were obtained, the dependencies on which were identified only by two types of curves. Thus, the second type of the curve is characteristic of the following indicators: GDP per capita; GNI per capita; Revenue, excluding grants; Networked Readiness Index; National Cyber Security Index. An example of the result obtained for the GDP per capital indicator is shown in Figure 3. For all other indicators, the first type of the curve was identified, an example of which for the Control of corruption: estimate indicator is shown in Figure 4. The choice of the type of curve allowed for a further transformation of the Harrington-Mencher function, which is used to determine the integrated index of information security threats.
Based on the preliminary step results, for indicators with the first type of the curve, formula 4 was chosen for calculation * , ij d and for indicators with a curve of the second type, formula 5 was chosen. The corresponding calculations were carried out in MS Excel, a fragment of which is shown in Table 5.
In the process of calculating the Harrington-Mencher transformations for a curve of the second type, it was necessary to determine , II ij d , II ij y (formula 5). For this purpose, the data were taken for a comparable country. The countries with the average value of the corresponding indicator were selected, as this reduced the gap between the countries with the highest and lowest indicators of development and security. Based on the transformations, the integral index of information security threat was calculated using formula 10, and a map of the distribution of countries by the index of information security threat was constructed ( Figure 5).
As a result, five groups of countries were obtained; the level of the country's development and information security are determined by their ability to counter threats to information security. Thus, 47 countries have a "very well" level of counteraction to threats: Western, Northern, and Southern Europe, the United States, Canada, Australia, Japan, New Zealand, Malaysia, Saudi Arabia, Israel, etc. ( Figure 5). This group was formed by countries that are mostly developed, have a strong economy, high scientific and technical potential, apply strategic approaches to information security management at the country level. They have the highest opportunities compared to other countries to counter cyber threats, information terrorism, which decreases the status of protecting national interests and personal interests. Therefore, they have great advantages over others in terms of response speed in the case of destabilization of the level of information security and have the resources to recover, which will not affect further development.
According to the results, 20 countries were assigned to the group with a qualitative rating of "well". It was formed by several new industrial countries -Brazil, China, the Philippines, South Africa, Thailand, Turkey, and several developing countries -Albania, Argentina, Armenia, Kazakhstan, the Russian Federation, etc. These countries have   Figure 5. Map of the distribution of countries according to the information security threat index sufficient economic potential, but their real information security indicators show deviations from the indicators of the "very well" group, especially for the National Cyber Security Index and ICT Development Index. Thus, the countries of this group need to change approaches to managing the country's information security system, improve cyber security standards, strengthen legal responsibility for cyber incidents, increase the level of protection of personal data of Internet and mobile users, and reform the institutions responsible for information security in the country.
The countries assigned to the "acceptable" group are 24 developing countries: Azerbaijan, Belarus, Moldova, Mongolia, Morocco, Peru, Tunisia, Ukraine, etc. This group is characterized by indicators of the country's development at the level of "well", but the level of information security is significantly lower than in the countries of the previous group. Therefore, in cases of situations associated with cyber terrorism, the countries of the "acceptable" group will be able to get out of the critical situation, but the consequences will significantly affect the social, economic, and political spheres. In contrast to the previous group, these countries should also develop a set of strategic measures that will contribute to the development of digital and computer technologies for information security. They can also include programs to improve the training level of cybersecurity specialists, make changes to security policies, legislative rules, introduce technologies to make decisions and prevent corruption in various areas, create plans for managing cyber crises, change approaches to protecting personal data, digital and computer services, etc. It is very important to create conditions associated with the organization of the listed activities and the ability to create long-term plans considering the latest achievements of the fourth industrial revolution to coordinate projects and startups in the IT field at the state level, and monitor their effectiveness.
The "bad" group includes 19 countries -Algeria, Barbados, Bolivia, Egypt, Guatemala, India, Iran, Uzbekistan, etc., the "very bad" group -49 countries: Afghanistan, Cameroon, Cambodia, Libya, Mozambique, Nicaragua, Nigeria, Sudan, Tajikistan, Turkmenistan, etc. The countries of these groups are characterized by low or very low indicators of the country's development and the level of organization of information security. Accordingly, the risk of the information security threat to these countries is critical or significantly critical, i.e., they are more vulnerable. Their available economic resources are not sufficient to overcome the consequences of the cyber crisis, information terrorism, or information war. On the other hand, the risk that they will become the targets of cyber-terrorists is low compared to the countries of the "very well", "well", and "acceptable" groups. It can be assumed that the increase in the level of social and economic development of such countries will significantly affect measures aimed at increasing level of the country's information security. That is why the task of their development should become one of the main strategies for improving the state of information security.
The results of assessing the threat to information security based on the index can be considered adequate since the resulting groups of countries enlist states that are the same in the development category, which was demonstrated during the analysis of the results. The groups do not have a combination of countries that are fundamentally opposite in terms of the degree of development and information security level.

CONCLUSION
The results of the study led to several conclusions. The proposed assessment of the level of threat to the national information security takes into account not only individual areas, such as the level of cybersecurity, development of information technologies, the degree of digitalization and informatization, but also the level of development. The index's calculations enabled to form five groups of countries and carry out their qualitative identification and visualization in the form of a map of countries distributed by groups. In most cases, the "very well" group was formed by economically powerful countries with a high level of information security. The level of their resistance to threats is the highest one, indicating the significant capabilities of these countries to overcome the consequences of information wars and threats. The "well" group includes new industrial countries and developing countries. Their level of resistance to threats suggests that these countries should improve their information security management strategy since there are some problems related to standardization, legal aspects, organization of information security institutions, etc. Developing countries with mediocre economic development indicators and the level of information security formed the "acceptable" group, which included Ukraine.
Their level of resistance to information security threats indicates that the consequences of information threats will affect the economic, social, and political spheres. Therefore, these countries should reform the management strategy and develop programs to attract investment in the development and application of modern software and technological solutions in the field of information security. Countries with low socioeconomic development and low security and least developed countries are identified as "bad" and "very bad". These countries should solve tasks to improve the development level, which will stimulate an increase in the efficiency of the information security system.
The results obtained can be used to further predict the country's capabilities to withstand information threats and quickly overcome their consequences. The index's value will contribute to the development of information security management strategies and can be taken into account when forming the country's development plans. In the future, the proposed assessment can be improved by clustering countries and taking these results into account when justifying the groups' qualitative characteristics.