Algorithm of risk assessment of perturbation of information services in an organization

The process of assessing the information security risks is described as a sequence of the stages. A number of the issues associated with the collection and analysis of input information is identified. The shortcomings of the existing software tools for assessment of the level of information services perturbation. The paper presents an algorithm for estimating the level of information services perturbation, which allows us to solve the problem of allocation of the factors associated with the likelihood of threats. While using this algorithm, the prediction of future losses, determination of the weak spots in the system of information protection, the ordering of the actions of the auditors and the determination of the optimal composition, consistency, cost, and feasibility, of the work of the auditors will become possible. The algorithm describes the features of the prereporting to the experts in the survey. The best practices for organizing and optimizing the process of auditing of information security are developed. The necessity of demonstration of the analytical information received from the specialists, taking into account in its authenticity and the risk of conflict between the interests, is shown. Based on the obtained data, the analytical data processing of the system and ranking of threats to the availability of information services within the organization is made.