ANALYSIS OF METHODS AND MEANS TO IMPLEMENT A RISK-ORIENTED APPROACH IN THE CONTEXT OF PROVIDING ENTERPRISE INFORMATION SECURITY
DOI:
https://doi.org/10.24025/2306-4412.1.2018.153279Keywords:
information technologies, information security, threats, vulnerability, information risks, risk assessment.Abstract
The article is devoted to the actual problem of the present – the information security development on the base of risk-oriented approach for solving the problems of information security management for an enterprise. Modern business development trends require the need for risk management. The authors research methods and tools that allow to implement a riskoriented approach in the context of providing enterprise information security and to analyze and evaluate information risks of information security system. The paper considers a series of the tools representatives, most commonly
used in this area, and analyzes several risk assessment methodologies, in particular CRAMM (UK) – the methodology for analysis and risk management, OCTAVE for assessing assets and vulnerability of information security, etc., and a series of regulatory documents, among which NIST SP800-30 (risk
management in information technology system); ISO/IEC 27005:2011 (information security risk management methods); ENISA (information security risk assessment) and many others. The analysis of the software advantages and disadvantages for the determination and assessment of information security
risks (CRAMM, CORAS, Risk Watch, OCTAVE, Oracle Crystal Ball) is presented and a number of recommendations according to the feasibility of using the considered software and management documentation taking into account relevant requirements and criteria of enterprises and organizations is
formed.
Downloads
How to Cite
Issue
Section
URN
License
Copyright (c) 2020 Т. В. Савельєва, О. М. Панаско, О. М. Пригодюк The authors who publish in this journal agree to the following terms:The authors reserve the right to authorship of their work and give the journal the right to first publish this work under the terms of the Creative Commons Attribution License CC BY-NC, which allows other persons to freely distribute published work with a mandatory reference to authors of the original work and the first publication of the work in this journal.
Authors have the right to conclude separate additional agreements for the non-exclusive distribution of the paper in the form in which it was published by this journal (for example, posting work in electronic repository or publishing as part of a monograph), provided that the link to the first publication in this journal is maintained.
The journal policy allows and encourages authors to post on the Internet (for example, in repositories of institutions or on personal websites) the manuscript of work, both before the submission of this manuscript to the editorial staff, and during its editorial work, as it contributes to the emergence of productive scientific discussion and positively affects the efficiency and dynamics of published work citation (see The Effect of Open Access).
