Research based on tools investigation of security risk assessment according to the information systems resources
DOI:
https://doi.org/10.18372/2410-7840.19.11443Keywords:
information security, risk, risk assessment, analytic-synthetic tuple model, tools for information security risk assessment, threat, vulnerability, risk characteristicsAbstract
One of the main stages of integrated systems construction for protecting information resources is risk assessment. Often, specialists of the companies to increase the efficiency of information security pay attention to the choice of adequate tools of information security risks assessment that will meet the relevant requirements. Nowadays there is a wide range of such tools. For their rational choice, a variety of risk assessment tools have been investigated to determine the set of necessary comparative characteristics. According to the mentioned means, taking into account the known analytical-synthetic tuple model of risk characteristics, a tuple is formed, which makes it possible due to the certain parameters, to unify the process of comparative analysis of such means. This will enhance the effectiveness of the choice implementation to solve the corresponding tasks of information security.References
Корченко А.Г. Бистабильная интегрированная кортежная модель характеристик риска / А.Г. Корченко, С.В. Казмирчук, А.Ю. Гололобов, Ю.А. Дрейс // Защита информации – 2016. – Том 18 №4. – С. 314-323.
Model-Driven Risk Analysis. Chapter: A Guided Tour of the CORAS Method, Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen, 2011, SINTEF ICT, Oslo, Norway, pp 23-43.
Expression des Besoins et Identification des Objectifs de Sécurité EBIOS, Méthode de gestion des risques, ANSSI/ACE/BAC, Paris, Version du 25 janvier 2010, 95 р.
Quantitative Risk Assessment with ISAMM on ESA’s Operations Data System [Electronic resource] [Carlo Harpes, André Adelsbach, Stefano Zatti, Nestor Pec-cia] / Itrust consulting, 2017 – Access mode: World Wide Web. – URL: https://www.itrust.lu/ wp-con-tent/uploads/ 2007/ 09/publications_ TTC_ 2007_abstract_risk_assessment_with_ISAMM.pdf (19.01.2017).
IRAM2 Managing information risk is a business essential [Electronic resource] / Information Security Forum Limited, 2014 – Access mode: World Wide Web. – URL: https://www.securityforum.org/ up-loads/2015/03/ISF-IRAM2-ES.pdf (20.01.2017).
Practical Threat Analysis in-depth [Electronic resource] / PTA Technologies, 2013 – Access mode: World Wide Web. – URL: http://www.ptatechnolo-gies.com/default.htm (20.01.2017).
Корченко А.Г. Анализ и оценивание рисков информационной безопасности / А.Г. Корченко, А.Е. Архипов, С.В. Казмирчук // Монография. – К.: ООО «Лазурит-Полиграф», 2013. – 275 с.
Шевченко А. Метод оцінювання ризиків з урахуванням впливу механізмів захисту інформації на параметри безпроводових інформаційно-телекомунікаційних систем під час інформаційних операцій / А. Шевченко, О. Кокотов // Безпека информации – 2014. – Том 20 №1. – С. 7-11.
Downloads
Published
How to Cite
Issue
Section
License
The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal:
-
retain the copyright to their publications;
-
grant the journal the right of first publication of the article;
-
agree to the distribution of their materials under the CC BY 4.0 license;
-
have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.
