Abstract
Management of the security and defense sector involves a range of resources: information, personnel (staff), planning, training, the conduct of combat operations, logistics and operational support. A well-known factor in increasing their viability is the effective use of information systems. With the emergence of new, constantly changing threats circulating in information systems, a problem arose regarding the assessment and management of information security risks in the security and defense sector, together with the question of forming indicators of the level of information security. The article proposes: the concept of RME and the feasibility of its implementation; the definition of information security risk; the calculation of the expected value of the result of risky activities, and what needs to be determined when managing information security risks; the methodology for managing information security risks; methods for assessing risks, both qualitative and quantitative; the procedure for determining the expected amount of damage (loss) to military information; engineering measures for information protection; and measures for the level of qualification and reliability of personnel and their assessment. These tasks can be achieved through the application of successful and effective risk management, clarification of the management bodies' procedure for assessing information security, and clarification of the responsibilities for defining and applying the process of processing information security risks. It is assumed that the proposed studies on the assessment and management of information security risks and on the formation of the level of information security will make it possible to determine the most appropriate approach to assessing the information protection system, one that can be taken into account in practical work.
Implementing the planned approach will significantly improve the process of assessing information security risks, make it possible to compare different harms and probabilities and to form indicators and criteria for the level of information security, and, as a result, can become the basis for assessing and managing risks and forming indicators of the level of information security.