Authors: V. Selifanov, Veronika V. Anikeeva, Igor A. Ognev
Journal: Digital Technology Security
Publication date: 2023-03-29
Publication type: Journal Article
DOI: https://doi.org/10.17212/2782-2230-2023-1-69-82
Issues of assessing the credibility of the risk management system
This article is devoted to assessing confidence in the risk management system. The term "trust" is practically not used today in relation to information systems. The author proposes a procedure for assessing confidence in the risk management system, which consists of four stages: compliance with the requirements of Russian legislation and national standards, assessing the optimality of the existing risk management system and reassessing risks. Existing methods for assessing confidence in risk management systems are described. It is concluded that at present there are no existing requirements for the risk assessment system, even in some segments. The paper proposes using a selection of risk assessment criteria, agreed in advance by stakeholders, from a system of standards that describe the risk assessment process in terms of systems engineering. The criteria and indicators used in the standards that define systems analysis are considered. Probabilistic assessment of a few indicators is taken as the basis of risk assessment: the risk of violating the reliability of process implementation without regard to information protection requirements; the risk of violating information protection requirements in the process; and the integral risk of violating process implementation with regard to information protection requirements. To calculate these risk indicators, the investigated entities are examined in the form of a modeled system with a complex structure. A mathematical model for assessing risks in accordance with the provisions of systems engineering standards is presented.