FORMALIZED DESCRIPTION OF THE PROCEDURE OF INFORMATION SYSTEM RISK MANAGEMENT-Reference-Cited by-同舟云学术

FORMALIZED DESCRIPTION OF THE PROCEDURE OF INFORMATION SYSTEM RISK MANAGEMENT

Published:2018-04-25 Issue: Volume: Page:61-70
ISSN:2072-9502
Container-title:Vestnik of Astrakhan State Technical University. Series: Management, computer science and informatics
language:en
Short-container-title:

Author:

Kozunova Svetlana Sergeevna¹,Kravets Alla Grigorievna¹

Affiliation:

1. Volgograd State Technical University

Abstract

The article highlights the aspects of risk management in the information system. According to the analysis of the work of Russian and foreign scientists and world practices in the field of risk management, it is stated that there is a need to improve the effectiveness of risk management of information system and to develop a method for managing the risks of the information system. As a solution to the problem of effective risk management of the information system, there has been proposed a formalized procedure for managing the risks of the information system. The scientific novelty of this solution is the use of decision space and optimization space to reduce risks. This procedure allows to assess the damage, risk and effectiveness of risk management of the information system. The risks of the information system are determined and analyzed; a pyramidal risk diagram is developed. This diagram allows you to describe the relationship of risks with the components of the information system. The negative consequences to which these risks can lead are given. The analysis of methods and approaches to risk management has been carried out. Based on the results of the analysis, the methods GRAMM, CORAS, GOST R ISO / IEC scored to the maximum. The weak points of these methods and the difficulty of applying these methods in practice are described. The developed formalized risk management procedure to control the risks of information system can be used as management system’s element of the information security quality that complies with the recommendations of GOST R ISO / IEC 27003-2012. The prospect of further development of the research results is the development of management systems of risk of information system.

Publisher

Astrakhan State Technical University

Reference34 articles.

1. Миков Д. А. Анализ методов и средств, используемых на различных этапах оценки рисков информационной безопасности // Вопр. кибербезопасности. 2014. № 4 (7). С. 49-54., Mikov D. A. Analiz metodov i sredstv, ispol'zuemyh na razlichnyh etapah ocenki riskov informacionnoy bezopasnosti // Vopr. kiberbezopasnosti. 2014. № 4 (7). S. 49-54.

2. Выборнова О. Н., Ажмухамедов И. М. Синтез управленческих решений по снижению рисков в нечетких условиях при ограниченных ресурсах // Фундаментальные исследования. 2016. № 5. Ч. 1. С. 18-22., Vybornova O. N., Azhmuhamedov I. M. Sintez upravlencheskih resheniy po snizheniyu riskov v nechetkih usloviyah pri ogranichennyh resursah // Fundamental'nye issledovaniya. 2016. № 5. Ch. 1. S. 18-22.

3. Попов Г. А., Попов А. Г. Результирующая оценка при наличии нескольких вариантов оценивания на примере задач информационной безопасности // Вестн. Астрахан. гос. техн. ун-та. Сер.: Управление, вычислительная техника и информатика. 2017. № 1. С. 48-61., Popov G. A., Popov A. G. Rezul'tiruyuschaya ocenka pri nalichii neskol'kih variantov ocenivaniya na primere zadach informacionnoy bezopasnosti // Vestn. Astrahan. gos. tehn. un-ta. Ser.: Upravlenie, vychislitel'naya tehnika i informatika. 2017. № 1. S. 48-61.

4. Kravets А. The Risk Management Model of Design Department's PDM Information System // Creativity in Intelligent Technologies and Data Science. Second Conference, CIT&DS 2017 (Volgograd, Russia, September 12-14, 2017): Proceedings (Ser. Communications in Computer and Information Science. Vol. 754) / ed. by A. Kravets, M. Shcherbakov, M. Kultsova, Peter Groumpos. Volgograd State Technical University [et al.]

5. [Germany]: Springer International Publishing AG, 2017. P. 490-500., Kravets A. The Risk Management Model of Design Department's PDM Information System // Creativity in Intelligent Technologies and Data Science. Second Conference, CIT&DS 2017 (Volgograd, Russia, September 12-14, 2017): Proceedings (Ser. Communications in Computer and Information Science. Vol. 754) / ed. by A. Kravets, M. Shcherbakov, M. Kultsova, Peter Groumpos. Volgograd State Technical University [et al.]