ANALYSIS OF RISK ASSESSMENT METHODS
Keywords:
Information, risk, low, high, assessment method, medium, PHA, SWIFT, RCA, RHA.
Abstract
Information risks are related to the creation, processing, transmission, storage and use of information using electronic carriers and other means of communication. Preventing information risks helps ensure data integrity and confidentiality.
Risk analysis consists of identifying existing risks and assessing their magnitude (qualitatively or quantitatively). The risk analysis process can be divided into several sequential steps:
- Identifying the main IT resources;
- Determining the importance of particular resources for the organization;
- Identifying existing security threats and the vulnerabilities that allow those threats to be realized;
- Identifying the risks associated with the realization of a security threat.