Research on Information Security Risk Assessment Techniques

Abstract

The emergence of new technologies not only generates new methods of attacks, but also expands the existing list of threats, and, as you know, each threat can be carried out by a large number of different attacks. To date, there are methods based on various approaches to the study of information security threats, such as: assessment of the relevance of information security threats according to the FSTEC methodology of Russia, ATT&CK Matrix for Enterprise, Howard-Longstaff incident taxonomy, information security threat assessment study based on a security model. All of the above methods can be divided into two groups of threat assessment: quantitative and qualitative. In this connection, there is a need to conduct their research. The article presents a study of methods for assessing information security threats, conducted in various ways.