Abstract:
Due to the ever-expanding threat landscape, the problem of timely identification of information security risks, their assessment, and, as a result, management of these risks remains urgent. The main components of all quantitative risk assessments are the frequency, or probability, of the realization of a risky event, and the amount of losses from the realization of the threat. The purpose of the work is to increase the accuracy in quantifying information security risks, develop a theoretical model that takes into account all the relationships between assets in the company's information environment, and compile an effective set of risk management measures. To formalize the company's information security risk assessment model, a set of security breach conditions for the company's information environment was identified, consisting of elements characterizing the possible results of threat implementation for each asset. As a result of the development of the model, the relationship of assets and the versatility of threat scenarios are shown.
Keywords:company assets, data loss, information security, risk assessment, threats.
Fulltext:
PDF file (3110 kB)