Risks Management relating to Information Systems Security. Assessment Methods for the Risk Level in Information Security

The paper presents several methods to assess in an organization the risk level concerning information security, qualitative, quantitative and combined methods as well as an original method based on the curve of risk acceptability. This method is mathematically proven by the drawing-up of parallel hyperbolic curves that intersect certain strictly fixed points, which mark the risk levels. All presented methods take into account the utilization value of the asset and the losses that the organization could encounter due to its destruction or effect on the business. Methods can be applied successively during various development stages of the information security management system, as the system security improves, while considering the own needs of the organization at a certain moment and the risk level accepted as tolerable risk. This paper also presents the risk criteria in relation to which the risk level significance is established.