Abstract
Information security risk assessment is an important part of enterprises’ management practices that helps to identify, quantify, and prioritize risks against criteria for risk acceptance and objectives relevant to the organization. Risk management is the process of identifying, managing, and eliminating or reducing the likelihood of events that can negatively affect the resources of the information system, in order to reduce the security risks that could affect that system at an acceptable cost of the means of protection. It includes a risk analysis, analysis of the “cost-effectiveness” parameter, and the selection, construction, and testing of the security subsystem, as well as the study of all aspects of security.
Highlights
Security Risk Assessment. Over time, the complexity of information systems is increasing, and the issues of information security are becoming increasingly important for any organization. In this context, particular attention is paid to the analysis and assessment of information security risks as a necessary component of an integrated approach to information security. Typical analysis of information security risks is performed during the information security audit of a system or the design stage.
Risk management is the process of identifying, managing, and eliminating or reducing the likelihood of events that can negatively affect the resources of the information system, in order to reduce the security risks that could affect that system at an acceptable cost of the means of protection. It includes a risk analysis, analysis of the “cost-effectiveness” parameter, and the selection, construction, and testing of the security subsystem, as well as the study of all aspects of security.
In order to solve the problem of information security risk assessment, many software packages have been created according to the developed methods, which are used by enterprises and auditors [22].
Summary
The complexity of information systems is increasing, and the issues of information security are becoming increasingly important for any organization. In this context, particular attention is paid to the analysis and assessment of information security risks as a necessary component of an integrated approach to information security. While relevant for specific audiences, such studies are either too extensive or too specific, not providing a summary for potential researchers and adopters in the area of information security risk assessment. This entry provides an analysis and comparison of existing methods of information security risk assessment, highlighting their common features, benefits, and shortcomings.