Modeling the Process of Evaluation of Information Security Risks and its Methodology by the Application of Computer Systems

Abstract

The main aim of the article is to study modeling the process of evaluation of information security risks by the application of computer systems. Thus, information security risk assessment and analysis of existing methods of information security risk assessment had been also studied in the article. The term "risk of information security" (IS) applies to the damage that can attack the information technology systems. IS risk is a wide range of potential threats, especially includes data violations, control measures, financial costs, reputation damage, etc. cover issues such as. IS risks include the failure of hardware and software, human errors, spams, viruses and harmful attacks, as well as natural disasters such as fires, cyclones or floods. Security risk assessment determines, assesses and implements key security controls in applications. It also focuses on prevention of software security defects and vulnerabilities. Information security risk is the potential probability of using vulnerabilities of an asset or group of assets as a specific threat to damage the organization.