Vestnik of Astrakhan State Technical University. Series: Management, Computer Sciences and Informatics
RUS  ENG    JOURNALS   PEOPLE   ORGANISATIONS   CONFERENCES   SEMINARS   VIDEO LIBRARY   PACKAGE AMSBIB  
General information
Latest issue
Archive
Impact factor

Search papers
Search references

RSS
Latest issue
Current issues
Archive issues
What is RSS



Vestn. Astrakhan State Technical Univ. Ser. Management, Computer Sciences and Informatics:
Year:
Volume:
Issue:
Page:
Find






Personal entry:
Login:
Password:
Save password
Enter
Forgotten password?
Register


Vestnik of Astrakhan State Technical University. Series: Management, Computer Sciences and Informatics, 2018, Number 2, Pages 61–70
DOI: https://doi.org/10.24143/2072-9502-2018-2-61-70
(Mi vagtu531)
 

COMPUTER SOFTWARE AND COMPUTING EQUIPMENT

Formalized description of the procedure of information system risk management

S. S. Kozunova, A. G. Kravets

Volgograd State Technical University
References:
Abstract: The article highlights the aspects of risk management in the information system. According to the analysis of the work of Russian and foreign scientists and world practices in the field of risk management, it is stated that there is a need to improve the effectiveness of risk management of information system and to develop a method for managing the risks of the information system. As a solution to the problem of effective risk management of the information system, there has been proposed a formalized procedure for managing the risks of the information system. The scientific novelty of this solution is the use of decision space and optimization space to reduce risks. This procedure allows to assess the damage, risk and effectiveness of risk management of the information system. The risks of the information system are determined and analyzed; a pyramidal risk diagram is developed. This diagram allows you to describe the relationship of risks with the components of the information system. The negative consequences to which these risks can lead are given. The analysis of methods and approaches to risk management has been carried out. Based on the results of the analysis, the methods GRAMM, CORAS, GOST R ISO / IEC scored to the maximum. The weak points of these methods and the difficulty of applying these methods in practice are described. The developed formalized risk management procedure to control the risks of information system can be used as management system’s element of the information security quality that complies with the recommendations of GOST R ISO / IEC 27003-2012. The prospect of further development of the research results is the development of management systems of risk of information system.
Keywords: information system, risk, damage, evaluation, management effectiveness, optimization.
Received: 14.12.2017
Bibliographic databases:
Document Type: Article
UDC: 004.942
Language: Russian
Citation: S. S. Kozunova, A. G. Kravets, “Formalized description of the procedure of information system risk management”, Vestn. Astrakhan State Technical Univ. Ser. Management, Computer Sciences and Informatics, 2018, no. 2, 61–70
Citation in format AMSBIB
\Bibitem{KozKra18}
\by S.~S.~Kozunova, A.~G.~Kravets
\paper Formalized description of the procedure of information system risk management
\jour Vestn. Astrakhan State Technical Univ. Ser. Management, Computer Sciences and Informatics
\yr 2018
\issue 2
\pages 61--70
\mathnet{http://mi.mathnet.ru/vagtu531}
\crossref{https://doi.org/10.24143/2072-9502-2018-2-61-70}
\elib{https://elibrary.ru/item.asp?id=32808857}
Linking options:
  • https://www.mathnet.ru/eng/vagtu531
  • https://www.mathnet.ru/eng/vagtu/y2018/i2/p61
  • Citing articles in Google Scholar: Russian citations, English citations
    Related articles in Google Scholar: Russian articles, English articles
    Вестник Астраханского государственного технического университета. Серия: Управление, вычислительная техника и информатика
     
      Contact us:
     Terms of Use  Registration to the website  Logotypes © Steklov Mathematical Institute RAS, 2024