Methods and means of analysis of risks of the information security of the enterprise

• Main Authors: Damir Faritovich Fayzulayev, Boris Borisovich Morozov
• Format: Article
• Language: English
• Published: Moscow Engineering Physics Institute 2017-07-01
• Series: Bezopasnostʹ Informacionnyh Tehnologij
• Subjects: CORAS; CRAMM; Microsoft Security Assessment Tool (MSAT); OCTAVE; RiskWatch; GRIF; information security analysis; analysis and assessment of IS risks; information security; methods and means of IS risk assessment
• Online Access: https://bit.mephi.ru/index.php/bit/article/view/267

Methods and means of assessing information security risks are considered. The main problems that arise in the process of performing the analysis of the security of an enterprise in the field of information security are shown. A brief review of the existing instrumental solutions to the problems of assessing the risks of information security organizations engaged in various fields of activity is given. The main advantages and disadvantages of methods for risk assessment and software based on these techniques are analyzed. The results of the review are presented, conclusions are made regarding the shortcomings of methods and tools, and the question of the optimal correlation of such concepts as the breadth of applicability of methods and software tools and reliability, accuracy and adequacy of information security risk assessment are considered. We propose new additional stages of risk analysis that allow improving existing methods and eliminating the shortcomings identified during the review.