TY - JOUR
T1 - Information Security Risk Assessment
AU - Kuzminykh, Ievgeniia
AU - Ghita, Bogdan
AU - Sokolov, Volodymyr
AU - Bakhshi, Taimur
PY - 2021/7/24
Y1 - 2021/7/24
N2 - Information security risk assessment is an important part of enterprises’ management practices that helps to identify, quantify, and prioritize risks against criteria for risk acceptance and objectives relevant to the organization. Risk management refers to a process that consists of identification, management, and elimination or reduction of the likelihood of events that can negatively affect the resources of the information system to reduce security risks that potentially have the ability to affect the information system, subject to an acceptable cost of protection means that contain a risk analysis, analysis of the “cost-effectiveness” parameter, and selection, construction, and testing of the security subsystem, as well as the study of all aspects of security.
AB - Information security risk assessment is an important part of enterprises’ management practices that helps to identify, quantify, and prioritize risks against criteria for risk acceptance and objectives relevant to the organization. Risk management refers to a process that consists of identification, management, and elimination or reduction of the likelihood of events that can negatively affect the resources of the information system to reduce security risks that potentially have the ability to affect the information system, subject to an acceptable cost of protection means that contain a risk analysis, analysis of the “cost-effectiveness” parameter, and selection, construction, and testing of the security subsystem, as well as the study of all aspects of security.
KW - information risk management
KW - security risk management
KW - risk classification
KW - OCTAVE
KW - CRAMM
KW - RiskWatch
KW - fuzzy logic
U2 - 10.3390/encyclopedia1030050
DO - 10.3390/encyclopedia1030050
M3 - Article
VL - 1
SP - 602
EP - 617
JO - Encyclopedia
JF - Encyclopedia
SN - 2673-8392
IS - 3
ER -