METHODOLOGY FOR ASSESSING AND IDENTIFYING INFORMATION SECURITY RISK ON THE EXAMPLE OF DISTANCE LEARNING SERVICES
Journal Title: Проблеми системного підходу в економіці - Year 2018, Vol 5, Issue 67
Abstract
For the information age of the society, the process of implementing information technologies in all spheres of the economy is indispensable. Today the management of any organization operates with the corporate information on which the decision is made. Such information must comply with the requirements of relevance, probability, structuring, and, if necessary, confidentiality. Information technologies have become an attribute of increasing the efficiency of business processes, in particular, allowing business entities to reduce production costs, improve the accuracy of economic analysis, and correctly choose strategies and tactics in unforeseen circumstances. One of the most pressing problems that complicate the use of modern information technologies is the provision of information security. Building an effective system of information security depends primarily on the characteristics of risks, the probability of their occurrence and consequences. The article discusses the method and process of identifying and assessing (quantitative and qualitative) information security risk. The following stages in the information security management system were analyzed: identification of major and auxiliary assets, information security threats and their sources, existing funds, and risk control and management measures; identifying information security vulnerabilities and determining the consequences. As an organization, on the example of which the risk assessment methodology is applied, a company of distance learning services has been selected. Formed a summary table of information security incident scenarios with their consequences related to assets and business processes. The IS incident may affect more than one asset or only a part of an asset. The impact is related to the degree of success of the incident. As a result, there is an important difference between the value of the asset and the impact that results from the incident. The impact is considered as an immediate (operational) effect or a future (business) effect that includes financial and market consequences. The first assessment (without measures and means of control and management of any kind) will consider the impact as very close to the value of the associated asset or a combination of assets. For each subsequent iteration for this asset, the impact will vary due to the availability and effectiveness of implemented measures and means of control and management. In the following, the methodology should be detailed according to the types of threats and relevant vulnerabilities. For more convenient use, it is necessary to turn to mathematical modelling and to create a user interface for a more convenient input of data.
Authors and Affiliations
A. S. Azeev
Keywords
Related Articles
- EP ID EP562335
- DOI 10.32782/2520-2200/2018-5-35
- Views 101
- Downloads 0
EFFECT OF LOANS OF INTERNATIONAL FINANCIAL ORGANIZATIONS ON THE FINANCIAL POLICY OF UKRAINE
The article studies the crediting activities of international financial institutions (IFI) in Ukraine, examines the conditions and peculiarities of allowance of IFIs’ credit facilities to economic entities operating in t...
ANALYTICAL ASSESSMENT OF THE INNOVATIVE ENVIRONMENT OF UKRAINE AND ITS INFLUENCE ON THE DEVELOPMENT OF WINE PRODUCERS
The article considers the main trends of development and features of management of innovative processes in the modern conditions of the innovative environment of Ukraine. The innovative environment is created in a certai...
NON-STANDARD FORMS OF EMPLOYMENT OF PERSONNEL OF THE SUBJECTS ENTREPRENEURSHIP AND PROSPECTS FOR THEIR DEVELOPMENT IN UKRAINE
The article considers the teoretical and practical aspects of application of non-standard forms of employment. Non-standard forms of employment are a reciprocal term for various employment patterns that deviate from stan...
IMPROVING THE SYSTEM OF FORECASTING PRICES IN THE EXPORT MARKET FOR AGRICULTURAL PRODUCTS OF UKRAINE
Development of the system of price forecasting in the agricultural stock exchange market of Ukraine is analysed. Approaches to the development of information provision of agricultural commodities market are investigated....
SOME ASPECTS DEPRECIATION POLICY OF ENTERPRISES
The article deals with economic content and objectives of depreciation policy in enterprises. The peculiarities of doing depreciation policy papers, scientists. The role of accelerated depreciation to stimulate the devel...