RESEARCH ON ISSUES OF INFORMATION SECURITY RISKS ASSESSMENT AND MANAGEMENT IN THE SECURITY AND DEFENSE SECTOR AND FORMATION OF SECURITY LEVEL INDICATORS
DOI: https://doi.org/10.28925/2663-4023.2024.26.636
Keywords: information security
Abstract
The management of the security and defense sector draws on a range of resources: information, personnel (staff), planning, training, the conduct of combat operations (operations), logistics and operational support. A well-known factor in increasing their viability is the effective use of information systems. As new threats constantly emerge and circulate in these information systems, the problems of assessing and managing information security risks in the security and defense sector, and of forming indicators of the level of information security, have arisen. The article proposes: the concept of RME and the feasibility of its implementation; a definition of information security risk; the calculation of the expected value of the result of risky activities and what must be determined when managing information security risks; a methodology for managing information security risks; qualitative and quantitative risk assessment methods; a procedure for determining the expected amount of damage (loss) to military information; engineering measures for information protection; and measures of the qualification and reliability of personnel, together with their assessment. These tasks can be achieved through the application of successful and effective risk management, clarification for the management bodies of the procedure for assessing information security, and of the responsibilities for defining and applying the process of treating information security risks. It is assumed that the proposed studies on assessing and managing information security risks, and on forming the level of information security, will make it possible to determine the most appropriate approach to assessing an information protection system, which can be taken into account in practical work.
Implementing the planned approach will significantly improve the process of assessing information security risks, allow different harms and probabilities to be compared, form indicators and criteria for the level of information security and, as a result, can serve as a basis for assessing and managing risks and forming indicators of the level of information security.
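As an added illustration, not code from the article (which gives no formulas on this page), the register below shows one way the abstract's quantitative and qualitative assessments can sit side by side: expected annual loss per threat is computed as probability × loss × (1 − share of loss averted by applied measures), each threat is placed on a 3×3 likelihood/impact matrix, and a single security-level indicator is derived from the ratio of tolerable to total residual expected loss. All threat names, probabilities, loss figures, band thresholds and the indicator definition are assumptions chosen for the example.

```python
"""Constructed information security risk register (illustration only).

Not the article's method: every threat, probability, loss figure, band
threshold and the indicator definition below is an assumption.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    annual_probability: float          # P(event occurs within one year), in [0, 1]
    loss_if_realised: float            # damage (loss) to the information asset, money units
    control_effectiveness: float = 0.0  # share of the loss averted by applied measures, in [0, 1]


def expected_loss(t: Threat) -> float:
    """Residual expected annual loss: P * L * (1 - effectiveness)."""
    for v in (t.annual_probability, t.control_effectiveness):
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"{t.name}: probability and effectiveness must lie in [0, 1]")
    if t.loss_if_realised < 0:
        raise ValueError(f"{t.name}: loss must be non-negative")
    return t.annual_probability * t.loss_if_realised * (1.0 - t.control_effectiveness)


def band(value: float, thresholds) -> int:
    """Map a value onto ordinal bands; thresholds is an ascending list of (upper_bound, rank)."""
    for upper, rank in thresholds:
        if value <= upper:
            return rank
    return thresholds[-1][1]


# Assumed band edges: likelihood rare/possible/likely, impact minor/moderate/major.
LIKELIHOOD_BANDS = [(0.05, 1), (0.30, 2), (1.0, 3)]
IMPACT_BANDS = [(10_000, 1), (100_000, 2), (float("inf"), 3)]


def qualitative_risk(t: Threat) -> tuple[int, str]:
    """Likelihood rank x residual-impact rank on a 3x3 matrix -> (score, label)."""
    residual_impact = t.loss_if_realised * (1.0 - t.control_effectiveness)
    score = band(t.annual_probability, LIKELIHOOD_BANDS) * band(residual_impact, IMPACT_BANDS)
    label = "low" if score <= 2 else "medium" if score <= 4 else "high"
    return score, label


def risk_register(threats) -> list[dict]:
    """Threats ranked by residual expected loss, so different harms and probabilities compare directly."""
    rows = []
    for t in threats:
        score, label = qualitative_risk(t)
        rows.append({"name": t.name, "expected_loss": expected_loss(t),
                     "matrix_score": score, "level": label})
    return sorted(rows, key=lambda r: r["expected_loss"], reverse=True)


def security_level_indicator(threats, tolerable_annual_loss: float) -> tuple[float, str]:
    """Assumed indicator in [0, 1]: tolerable loss / total residual expected loss, capped at 1.

    1.0 means total residual loss is within tolerance; 0.5 means it is twice the tolerance.
    """
    total = sum(expected_loss(t) for t in threats)
    if total <= 0.0:
        return 1.0, "acceptable"
    indicator = min(1.0, tolerable_annual_loss / total)
    return indicator, "acceptable" if indicator >= 1.0 else "treatment required"


# Constructed sample register (values are assumptions, not data from the article).
SAMPLE_THREATS = [
    Threat("unauthorised disclosure of an operational plan", 0.10, 500_000, 0.5),
    Threat("ransomware on the logistics information system", 0.30, 200_000, 0.6),
    Threat("loss of encrypted removable media", 0.50, 20_000, 0.9),
    Threat("access misconfiguration by personnel error", 0.20, 50_000, 0.0),
]

if __name__ == "__main__":
    for row in risk_register(SAMPLE_THREATS):
        print(f"{row['name']:<50} {row['expected_loss']:>10.0f}  {row['level']}")
    print("security level indicator:", security_level_indicator(SAMPLE_THREATS, 40_000))
```

Ranking by expected loss and the qualitative matrix will not always agree (a high-loss, well-controlled threat can rank first quantitatively while a frequent low-loss one scores higher on the matrix), which is exactly why a register that carries both views is useful before choosing treatment priorities.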
License
Copyright (c) 2024 Володимир Ткач, Олександр Шемендюк, Олексій Чередниченко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.