Information security risk assessment based on spectral approach

Yevhen Maksymenko, Vasyl Tsurkan, Yaroslav Dorohyi, Olha Kruk

Abstract


The use of information security management systems based on the results of risk assessment is considered. Statistics on threats and on the damage resulting from their realization are collected at planned intervals, which creates the preconditions for using the statistical approach. However, the statistical approach to risk assessment is limited by high requirements for the amount of statistics, overstated risk estimates, the complexity of accounting for variation in the amount of losses, and the lack of a single standard for comparing risks. The spectral approach to risk assessment is recommended for information security management systems to overcome these limitations. The conditions for using the approach are analyzed, including: accumulating statistics about risks and the losses due to their realization, taking the risk dynamics into account, and setting a standard for comparing risks.

Keywords: information security, risk, information security risk signal, risk assessment, spectral approach, information security management system.






ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)