Information Protection Model Based on Information Security Risk Assessment for Small and Medium-Sized Business

Шевченко, Світлана Миколаївна and Жданова, Юлія Дмитрівна and Кравчук, Катерина Володимирівна (2021) Information Protection Model Based on Information Security Risk Assessment for Small and Medium-Sized Business. Electronic Professional Scientific Journal "Cybersecurity: Education, Science, Technique", 2 (14). pp. 158-175. ISSN 2663-4023

Abstract

This study focuses on protecting information resources through a risk-oriented approach for small and medium-sized businesses, with an emphasis on information security (IS) risk assessment. An analysis of scientific sources made it possible to characterize the essence of the risk-oriented approach and to formulate the main provisions for creating an information protection model based on it. The content line of the model focuses on conducting qualitative and quantitative IS risk assessment, namely SWOT analysis, the statistical method, the expert assessment method and the Monte Carlo method. The step-by-step procedure for carrying out the stages of analysis and implementing these methods for IS risk assessment is described. To obtain a comprehensive map of IS risks, it is proposed to conduct a SWOT analysis at the initial stage, in particular to identify business weaknesses and external and internal threats. A statistical method is used to quantify IS risk if sufficient analytical reports are available; otherwise, the method of expert assessments is applied. The final step is to generate a scenario using the Monte Carlo method. To describe the context of each information resource effectively, the technique of forming multiple "threat - vulnerability" pairs is used. The relevance of this model and the possibilities of using it as an information protection methodology for small and medium-sized businesses are substantiated.

Item Type: Article
Uncontrolled Keywords: information security (IS) risks; SWOT analysis; statistical methods; method of expert assessments; Monte Carlo method; threats; vulnerabilities; information protection model
Subjects: This is an archived subject classification of Borys Grinchenko Kyiv University > Articles in scientometric databases > Index Copernicus
This is an archived subject classification of Borys Grinchenko Kyiv University > Articles in journals > Professional (included in the list of professional journals approved by the Ministry of Education and Science)
Divisions: These are archived divisions of Borys Grinchenko Kyiv University > Faculty of Information Technology and Mathematics > Department of Information and Cyber Security named after Professor Volodymyr Buriachok
Depositing User: Павло Миколайович Складанний
Date Deposited: 04 Jan 2022 10:11
Last Modified: 04 Jan 2022 10:11
URI: https://elibrary.kubg.edu.ua/id/eprint/40425
