ANALYSIS OF METHODOLOGIES FOR ASSESSING INFORMATION SECURITY RISKS

Authors

  • А.А. Abdulaev Kyrgyz State University of Construction, Transport and Architecture named after N. Isanov Author
  • kyzy A. Medetbek Kyrgyz State University of Construction, Transport and Architecture named after N. Isanov Author
  • kyzy G. Murzabek Kyrgyz State University of Construction, Transport and Architecture named after N. Isanov Author

Keywords:

information security, information security risk, risk analysis, risk assessment methodology, quantitative assessment, qualitative assessment

Abstract

The article describes and analyzes the main methods of information security risk assessment. It was noted that it is most effective to use a mixed approach that combines both qualitative and quantitative risk assessment. Several existing software products for information security risk assessment methodology have been analyzed.

References

1. Петренко С.А. Управление информационными рисками. Экономически оправданная безопасность // Петренко С.А., Симонов С.В. – М.: Компания АйТи; ДМК Пресс, 2004. – 384 с.

2. Баранова Е.К. Методики и программное обеспечение для оценки рисков в сфере информационной безопасности // Управление риском. 2009. № 1(49). С. 15–26.

3. Международный стандарт ISO/IEC 27005:2008. Информационная технология – Методы защиты – Менеджмент рисков информационной безопасности BS ISO/IEC 27005:2008.

4. Левченко В.Н. Этапы анализа рисков. URL: http://www.cfin.ru/finanalysis/risk/ stages.shtml

Downloads

Published

2026-03-03

Issue

Vol. 45 No. 3 (2021): СОВРЕМЕННЫЕ ПРОБЛЕМЫ МЕХАНИКИ

Section

Статьи

Categories