Abstract
The article proposes an approach to assessing the risks of information security of automated technological process control systems, state information systems, municipal information systems, personal data information systems and critical information infrastructure facilities based on the requirements of the legislation of the Russian Federation in the field of protection of these types of information systems, the draft of State Standard R ISO/IEC 27005, planned to be adopted in the near future, and standards for risk assessment within the framework of processes in the life cycle State Standards 59329-59357 published in 2021. These standards are based on State Standard R 57193-2016, which describes the life cycle processes of human-made systems. The problem of processing residual risk in relation to unacceptable risks was considered, after the analysis of which another principle of safety management was proposed. A methodology for assessing confidence in the risk management system was obtained, with the help of which it is necessary to build a risk management system at the objects of critical information infrastructure.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
