Abstract
The possibilities and limits of the application of the risk-oriented approach (ROA) to the construction and research of the organization's information security system (ISS) are considered. Introduced four verbal specifications of the attacker, describing various aspects of his behavior and training, the socio-psychological context of his actions, the target settings of these actions, affecting the choice of the attacker's strategy, methods and ways to implement information threats. Accordingly the introduced specifications formed reflexive risk models. These are mathematical models whose structure and pa-rameters reflect (latin. reflexus) the characteristics of the attacker contained in its specification. A study of reflex-ive models has been carried out, which in a number of cases has made it possible to determine the limits of in-vestment in the GIS, as well as limitations in the appli-cation of the RRP to the construction of the GIS.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
