Introduction. In the context of rapid development of information technologies and the increasing complexity of cyber threats, ensuring an adequate level of cybersecurity for departmental information and communication systems (ICS), especially in the defense sector, becomes critically important. The growing dependence on ICS necessitates systematic approaches to assessing their security level. Problem statement. Existing state and international standards such as ISO/IEC 27001 (DSTU), as well as NIST methodologies and maturity models like CMMC, define cybersecurity requirements but do not provide a sufficiently formalized, compact, and adaptable assessment framework for departmental structures. The absence of a unified approach complicates comparative analysis between organizational units and the formation of an aggregated departmental-level assessment. Purpose. The purpose of this study is to develop a method for assessing cybersecurity provision in departmental ICS, enabling quantitative evaluation of implemented security measures based on the Information Security Management System (ISMS) requirements of ISO/IEC 27001. Materials and methods. The study applies system analysis, expert evaluation methods, and generalization of international cybersecurity practices. The proposed method is based on evaluating three components: documentary support (availability and relevance of policies and procedures), depth of policy content (ISO/IEC 27001-based checklists), and technical implementation (availability and deployment of security controls). The assessment uses equally weighted coefficients and aggregates results at both unit and departmental levels. Results. The study proposes a unified method that enables standardized assessment of cybersecurity provision across organizational units, identification of weaknesses in organizational, procedural, and technical domains, and comparative analysis between units. A departmental-level assessment approach based on the minimum unit score is introduced, reflecting the “weakest link” principle. The method is compatible with security profile frameworks and can be integrated with automated compliance assessment tools such as SCAP/OpenSCAP. Conclusions. The proposed method improves objectivity, repeatability, and formalization of cybersecurity assessment processes in departmental ICS. Its application enhances cybersecurity management effectiveness, ensures alignment with international standards, and provides a foundation for further development of regulatory and methodological frameworks in the protection of state information systems.
O. Mazulevskyi (Fri,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: