A geometric approach to the acceptable risk probabilities estimation of information security
DOI: https://doi.org/10.18372/2410-7840.18.10850

Keywords: geometric probability, geometric approach, information security risk, acceptable risk, probability estimation, risk-appetite, risk owner, information security risk management system

Abstract

Construction and usage of an information security management system based on a risk-oriented approach is considered. It is shown that the design requirement for such systems, to «ensure a level of risk no higher than acceptable», is non-constructive. To overcome this limitation, it is proposed to treat the operation of an information security management system as a queuing system that processes a flow of risk events whose risk level exceeds the acceptable one and that occur with a defined probability. The problem is solved using the concepts and methods of geometric probability. With this approach, the subjective indicator of the risk owner's risk appetite, expressed as an acceptable level of risk, is transformed into a formalized probabilistic criterion from which verifiable requirements for the establishment of information security management systems can be formulated.
License
Authors who publish with this journal agree to the following terms:

- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).