Abstract:
When assessing information security risks, it is essential to take into account the various types of uncertainty inherent in information systems. Current risk assessment methods and algorithms may not account for all of these uncertainties, which can lead to inaccurate risk estimates. It therefore becomes necessary to develop a new method, or adapt an existing one, that considers all types of uncertainty specific to the class of system under consideration. In this paper, we build on our previous idea of using an integrated assessment method to evaluate information risks. This method aggregates assessments of information systems based on standard information security criteria such as confidentiality, integrity, and availability. By incorporating these criteria, we aim to obtain more accurate and reliable risk estimates that take into account all relevant uncertainties. In the first part of the work, we demonstrated that this method, with appropriate modifications, allows all necessary types of uncertainty to be taken into account. We propose an algorithm for identifying the structure of an integrated assessment tree based on the principle of combining related criteria. We demonstrate the efficiency of the algorithm by building risk assessment trees for confidentiality, integrity, and availability in SMART systems based on the Internet of Things using this approach.
Keywords: complex information systems, integral risk, complex assessment, accounting for uncertainty
UDC: 004.056.5
BBK: 16.8
Received: April 18, 2024. Published: September 30, 2024.