Risks Management relating to Information Systems Security. Assessment Methods for the Risk Level in Information Security

Cited by: 0
Authors
Baicu, Floarea [1]
Baicu, Andrei Mihai [2]
Affiliations
[1] Hyper Univ Bucharest, Bucharest, Romania
[2] VIO TOP, Bucharest, Romania
Source
QUALITY-ACCESS TO SUCCESS | 2012 / Volume 13 / Issue 129
Keywords
risk levels; acceptable risk level; tolerable risk; risk criteria; risk acceptability curve;
DOI
Not available
Chinese Library Classification
C93 [Management Science];
Discipline classification codes
12 ; 1201 ; 1202 ; 120202 ;
Abstract
The paper presents several methods for assessing the information security risk level in an organization: qualitative, quantitative and combined methods, as well as an original method based on the risk acceptability curve. This method is mathematically proven by drawing up parallel hyperbolic curves that intersect certain strictly fixed points, which mark the risk levels. All the presented methods take into account the utilization value of the asset and the losses that the organization could incur due to its destruction or its effect on the business. The methods can be applied successively during the various development stages of the information security management system, as the system's security improves, while considering the organization's own needs at a given moment and the risk level accepted as tolerable risk. The paper also presents the risk criteria against which the significance of the risk level is established.
Pages: 112 - 115
Page count: 4
Related papers
50 in total
  • [1] Risks Management relating to Information Systems Security. Vulnerabilities and Threats in Information Systems
    Baicu, Floarea
    Baicu, Andrei Mihai
    QUALITY-ACCESS TO SUCCESS, 2012, 13 (128): : 112 - 116
  • [2] Risks Management relating to Information Systems Security Treatment of IT Equipment Security Risks
    Baicu, Floarea
    Baicu, Andrei Mihai
    QUALITY-ACCESS TO SUCCESS, 2012, 13 (131): : 108 - 112
  • [3] Risks Management relating to Information Systems Security Evaluation off IT Assets
    Baicu, Floarea
    Baicu, Andrei Mihai
    QUALITY-ACCESS TO SUCCESS, 2012, 13 (127): : 108 - 112
  • [4] METHODS OF ESTIMATION OF RISKS FOR CONTROL SYSTEMS OF INFORMATION SECURITY
    Akhmetov, B. S.
    Korchenko, A. G.
    Kazmirchuk, S. V.
    Zhekambayeva, M. N.
    BULLETIN OF THE NATIONAL ACADEMY OF SCIENCES OF THE REPUBLIC OF KAZAKHSTAN, 2015, (06): : 23 - 38
  • [5] Theory and methods of information security risk assessment
    Min, Jinghua
    Zhang, Jianjun
    Qinghua Daxue Xuebao/Journal of Tsinghua University, 2010, 50 (SUPPL. 1): : 1554 - 1559
  • [7] Including technical and security risks in the management of information systems: A programmatic risk management model
    Dillon, Robin L.
    Paté-Cornell, M. Elisabeth
    Systems Engineering, 2005, 8 (01) : 15 - 28
  • [8] Information security risk assessment model for risk management
    Wawrzyniak, Dariusz
    TRUST, PRIVACY, AND SECURITY IN DIGITAL BUSINESS, PROCEEDINGS, 2006, 4083 : 21 - 30
  • [9] Enterprise Risk Management and Information Systems Security Risk
    Olson, David L.
    Wu, Desheng
    PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON RISK MANAGEMENT & GLOBAL E-BUSINESS, VOLS I AND II, 2009, : 1 - 5
  • [10] Expert and fuzzy systems application for information security risks assessment of information and telecommunication systems
    Kushch, S. M.
    Shutovskyi, V. O.
    VISNYK NTUU KPI SERIIA-RADIOTEKHNIKA RADIOAPARATOBUDUVANNIA, 2012, (50): : 114 - 120