Analysis of methods for assessing and managing cyber risks and information security

Abstract

Global trends to increase the threats to information and cybersecurity, increasing the level of vulnerability of information and telecommunications systems (ITS) necessitate the development and implementation of new standards and regulations on information security, the introduction of new technologies and best practices in information security. The main approach to information and cybersecurity in ITS is the Risk-Based Protection Strategy. The main task of information risk management (IR) is to identify and assess objectively the most significant risks for the company's business, as well as the need to use risk controls to increase the efficiency and profitability of the company's economic activities. It is believed that quality risk management allows you to use the optimal efficiency and cost of risk control and information protection measures, adequate to the current goals and objectives of the company's business. The paper presents results of solving the current problem of finding optimal methods for assessing the risks of information and cybersecurity. Criteria for selecting the best methods of risk assessment are proposed. The analysis of known methods of risk assessment for compliance with these criteria is performed. Proposals have been formulated to create promising methods for risk assessment, their application to modern information security management systems, especially those designed for critical infrastructure, will most effectively address the problems of information and cybersecurity, as well as privacy.