企业信息安全审计中风险评估的比较分析

2022 International Conference on Smart Information Systems and Technologies (SIST) Pub Date : 2022-04-28 DOI:10.1109/SIST54437.2022.9945804

Zhanna Alimzhanova, Akzer Tleubergen, S. Zhunusbayeva, Dauren Nazarbayev

{"title":"企业信息安全审计中风险评估的比较分析","authors":"Zhanna Alimzhanova, Akzer Tleubergen, S. Zhunusbayeva, Dauren Nazarbayev","doi":"10.1109/SIST54437.2022.9945804","DOIUrl":null,"url":null,"abstract":"This article discusses a threat and vulnerability analysis model that allows you to fully analyze the requirements related to information security in an organization and document the results of the analysis. The use of this method allows avoiding and preventing unnecessary costs for security measures arising from subjective risk assessment, planning and implementing protection at all stages of the information systems lifecycle, minimizing the time spent by an information security specialist during information system risk assessment procedures by automating this process and reducing the level of errors and professional skills of information security experts. In the initial sections, the common methods of risk analysis and risk assessment software are analyzed and conclusions are drawn based on the results of comparative analysis, calculations are carried out in accordance with the proposed model.","PeriodicalId":207613,"journal":{"name":"2022 International Conference on Smart Information Systems and Technologies (SIST)","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-04-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Comparative Analysis of Risk Assessment During an Enterprise Information Security Audit\",\"authors\":\"Zhanna Alimzhanova, Akzer Tleubergen, S. Zhunusbayeva, Dauren Nazarbayev\",\"doi\":\"10.1109/SIST54437.2022.9945804\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This article discusses a threat and vulnerability analysis model that allows you to fully analyze the requirements related to information security in an organization and document the results of the analysis. The use of this method allows avoiding and preventing unnecessary costs for security measures arising from subjective risk assessment, planning and implementing protection at all stages of the information systems lifecycle, minimizing the time spent by an information security specialist during information system risk assessment procedures by automating this process and reducing the level of errors and professional skills of information security experts. In the initial sections, the common methods of risk analysis and risk assessment software are analyzed and conclusions are drawn based on the results of comparative analysis, calculations are carried out in accordance with the proposed model.\",\"PeriodicalId\":207613,\"journal\":{\"name\":\"2022 International Conference on Smart Information Systems and Technologies (SIST)\",\"volume\":\"50 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-04-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 International Conference on Smart Information Systems and Technologies (SIST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SIST54437.2022.9945804\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Conference on Smart Information Systems and Technologies (SIST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIST54437.2022.9945804","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

本文讨论了一个威胁和漏洞分析模型，该模型允许您全面分析组织中与信息安全相关的需求，并记录分析结果。使用这种方法可以避免和防止因主观风险评估而产生的不必要的安全措施成本，在信息系统生命周期的各个阶段规划和实施保护，通过自动化信息系统风险评估过程，减少信息安全专家在信息系统风险评估过程中花费的时间，并减少信息安全专家的错误水平和专业技能。在前几节中，分析了常用的风险分析方法和风险评估软件，并根据对比分析的结果得出结论，根据提出的模型进行计算。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Comparative Analysis of Risk Assessment During an Enterprise Information Security Audit

This article discusses a threat and vulnerability analysis model that allows you to fully analyze the requirements related to information security in an organization and document the results of the analysis. The use of this method allows avoiding and preventing unnecessary costs for security measures arising from subjective risk assessment, planning and implementing protection at all stages of the information systems lifecycle, minimizing the time spent by an information security specialist during information system risk assessment procedures by automating this process and reducing the level of errors and professional skills of information security experts. In the initial sections, the common methods of risk analysis and risk assessment software are analyzed and conclusions are drawn based on the results of comparative analysis, calculations are carried out in accordance with the proposed model.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 International Conference on Smart Information Systems and Technologies (SIST)

自引率

0.00%

发文量