Abstract
Based on statistical data, a contradiction is shown between an increase in financial investments in the information security (IS) of organizations and a steady increase in the number of IS incidents caused by internal users. A conclusion is made about the cognitive vulnerability and low degree of validity of modern IS risk assessment methods. Stereotypes have been identified, the result of which are cognitive errors in assessing IS risks: the priority of technical protection of information from external threats of IS over organizational and technical protection from internal threats; distrust of the internal client, perception of it exclusively as an object of tough managerial influence, ignoring its subjective role in IS management; restriction of work with personnel within the IS management system with one-time measures and static criteria for assessing human risks and inattention to systemic measures and dynamic, situational criteria. The necessity of updating standards for IS risk management, as well as the development of new methods and tools for assessing, IS risks based on rejecting outdated stereotypes, is substantiated.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
