Development of a mechanism for information security risk management of transport service provision systems

Abstract

The object of the study is the process of analysis, assessment, and management of information security risks in transport service provision systems. The problem of applying the information security risk management approach in the activities of transport business entities was investigated. As a result of the application of effective forms, methods, and means of information security risk management based on international standards, a risk management mechanism was developed. The risk assessment process of transport systems has been systematized. This allows business entities in the transport sector to determine ways to prevent and counter information threats and challenges in their activities, both when designing and operating systems for providing transport services. Verification of the devised methodical approach to information security risk management was carried out on an example of the taxi company «Taxifay N». Threats and challenges of the company’s information system were evaluated by an expert method. Based on the results of the analysis of expert risk assessment, it was found that the concordance coefficient (0.86) confirms the high level of agreement of experts’ opinions. As a result, the company’s information security risk management program was developed. The effectiveness of the program was assessed by the efficiency ratio, which was 0.64. This testifies to the effectiveness of the implemented program of measures to manage information security risks. The scope of application may be the activity of business entities that provide transport services to the population, aimed at data storage and processing. The prospect of this study is to expand the list of threats and categories of vulnerabilities depending on the characteristics of the economic activity of various enterprises