Abstract
The legal tools applied in the context of IT technology development failing to solve the problems facing society. On the other hand, the development of innovation is sometimes hindered. The intensity of the development of information systems and technologies requires highly flexible and adaptive approaches to cybersecurity. One of these approaches is IT risk assessment. There are currently many methodologies that can be used to effectively assess cyber threats. For institutions with multiple exposures, the correlation between different positions may not be correctly estimated. Measuring known risk is a common problem in risk assessment practice. In order to develop a simple IT risk assessment method, the article examines existing IT risk assessment methods, proposes IT risk assessment solutions and presents the results of practical application.
Highlights
Daugumos organizacijų situaciją apsunkina programinės įrangos, skirtos IT rizikai įvertinti ir valdyti, funkcionalumo apribojimai
Prieiga per internetą: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/ nistspecialpublication800-30r1.pdf National Institute of Standards and Technology
Summary
ISO standartai apibūdina IT riziką kaip tam tikrą grėsmę organizacijai, pasinaudojant turto ar turto grupės pažeidžiamumu. – pagal NIST SP 800-30 rizika – tai tikimybė, kad tam tikras grėsmės šaltinis turi ypatingą galimą pažeidžiamumą, dėl kurio organizacijai daromas neigiamas poveikis (National Institute of Standards and Technology, 2012);. – pagal NIST FIPS 200 rizika yra poveikio lygis organizacinėms operacijoms (įskaitant misiją, funkcijas, įvaizdį ar reputaciją), organizacijos turtui ar asmenims, atsirandantis dėl grėsmės ar jos tikimybės informacinei sistemai (National Institute of Standards and Technology, 2014).
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
