Information security risk assessment based on spectral approach
DOI: https://doi.org/10.20535/2411-1031.2015.3.2.60897
Abstract
The use of information security management systems based on the results of risk assessment is considered. In such systems, statistics on threats and on the damage caused by their realization are collected at planned intervals. As a result, the preconditions for using the statistical approach are created. However, this approach to risk assessment is limited by its high requirements for the amount of statistics, overstated risk estimates, the difficulty of accounting for variation in loss amounts, and the lack of a single standard for comparing risks. The spectral approach to risk assessment is recommended for information security management systems to overcome these limitations. The conditions for using the approach are analyzed, including: accumulation of statistics on risks and on the losses due to their realization, accounting for risk dynamics, and setting a standard for risk comparison.
Keywords: information security, risk, signal information security risk, risk assessment, spectral approach, information security management system.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.