Interpretation of the simple risk level dependence of its implementation in the terms of analytic geometry
DOI: https://doi.org/10.20535/2411-1031.2017.5.1.120574
Keywords: Simple risk, probability, damage, risk analysis, analytical geometry.
Abstract
The dependence of the level of simple risk on the likelihood of its realization is considered. Analytic geometry is used to interpret this dependence. The dependence is shown to be nonlinear, which complicates its analysis in practice. Therefore, a special case in which the risk level analysis problem is solved in linear form is analyzed, using the example of a two-component risk model represented on a plane. It is noted that the dependence of the level of risk on the magnitude of possible damage is analogous to its dependence on the probability of its realization, and that it can be expressed by the equation of a straight line. Having established the analogy between the equation of a straight line and the representation of the relation between risk and the probability of its realization, the correspondence of this assertion to other methods of specifying a line in the plane is verified. For this purpose, the known variants of specifying a straight line in intercept form and in slope form are considered. The same applies to specifying a straight line by a point and a direction vector, and to the normal equation of a straight line, in which straight lines not passing through the origin are considered. Thus, a quasi-analogy is shown between the representation of the dependence of the risk value on the probability of its realization and the equation of a straight line in the plane that passes through the origin and lies in the first quadrant. This makes it possible to investigate risks using known methods of analytic geometry. At the same time, when risk is represented as a sum of two or more components, it becomes necessary to increase the dimensionality of the coordinate system to n, which calls for further studies in n-dimensional space.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish in this collection agree to the following terms:
- The authors retain authorship rights to their work and grant the collection the right of first publication of the work, which is licensed under the Creative Commons Attribution License; this allows others to freely distribute the published work with an obligatory reference to the authors of the original work and to the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institutional digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.
- The policy of the journal allows and encourages authors to post the manuscript of the work on the Internet (for example, in repositories or on personal web sites), both before submitting the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see The Effect of Open Access).