
Methods of Risk Assessment for Information Security Management




The study showed that risk analysis and assessment rely mainly on statistical data about incidents and information security threats. In many countries no such statistics are kept at the state level, which limits how far existing tools can be used nationally. The study also found that existing tools restrict the expert to a fixed set of parameters and therefore to a narrow range of values. On this basis, two methods of risk analysis and assessment are presented. They accept a wide range of parameters, which makes the assessment tool more flexible, and they compute risk both from statistics and from expert judgments made in an uncertain, weakly formalized environment, taking into account the time period, the industry, and the economic and managerial specifics of the enterprise. In addition, the methods present their results both numerically and verbally, for example through a linguistic variable, which is commonly used to describe complex systems whose parameters are given in qualitative as well as quantitative form.
Copyright © 2016 Praise Worthy Prize - All rights reserved.
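The abstract describes risk computed from incident statistics where they exist, from expert judgment where they do not, and reported both as a number and as a verbal term. The following is an illustration added to this page, not the paper's two methods or its parameters: the term set, the triangular membership functions, the 50/50 weighting between statistics and expert estimates, and the sample threats are all assumptions made for the example.

```python
"""Illustration added to this page (not the paper's own methods):
a small risk assessor that blends incident statistics with expert
judgments and reports each risk numerically and as a linguistic term."""
from dataclasses import dataclass, field
from statistics import mean
from typing import Dict, List, Optional, Tuple

# Linguistic variable "risk" on [0, 1] with triangular membership
# functions (a, b, c). The term set and breakpoints are assumptions.
RISK_TERMS: Dict[str, Tuple[float, float, float]] = {
    "low":    (0.0, 0.0, 0.4),
    "medium": (0.2, 0.5, 0.8),
    "high":   (0.6, 1.0, 1.0),
}


def tri(x: float, a: float, b: float, c: float) -> float:
    """Degree to which x belongs to the triangular fuzzy set (a, b, c)."""
    if x < a or x > c:
        return 0.0
    if x <= b:
        return 1.0 if b == a else (x - a) / (b - a)
    return 1.0 if c == b else (c - x) / (c - b)


@dataclass
class Threat:
    name: str
    # Statistics for the assessment period: observed incidents and the
    # number of exposed assets (or opportunities). exposure=None means
    # no statistics are kept, the situation the abstract describes.
    incidents: int = 0
    exposure: Optional[int] = None
    # Expert estimates in [0, 1], one value per expert.
    expert_likelihood: List[float] = field(default_factory=list)
    expert_impact: List[float] = field(default_factory=list)


def likelihood(t: Threat, w_stat: float = 0.5) -> float:
    """Blend the statistical frequency with the experts' mean estimate.
    When no statistics exist, fall back to expert judgment alone."""
    expert = mean(t.expert_likelihood)
    if not t.exposure:
        return expert
    stat = min(1.0, t.incidents / t.exposure)
    return w_stat * stat + (1.0 - w_stat) * expert


def assess(t: Threat, w_stat: float = 0.5):
    """Return (risk value, verbal term, membership degrees) for one threat.
    The verbal term is the one with the highest membership degree."""
    r = likelihood(t, w_stat) * mean(t.expert_impact)
    degrees = {term: tri(r, *abc) for term, abc in RISK_TERMS.items()}
    verbal = max(degrees, key=degrees.get)
    return r, verbal, degrees


def risk_profile(threats: List[Threat], w_stat: float = 0.5):
    """Rank threats by risk value, highest first: a simple risk profile."""
    rows = [(t.name, *assess(t, w_stat)[:2]) for t in threats]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample data, not taken from the paper.
PHISHING = Threat("phishing", incidents=12, exposure=100,
                  expert_likelihood=[0.7, 0.8, 0.6],
                  expert_impact=[0.5, 0.6, 0.4])
INSIDER = Threat("insider misuse",            # no statistics available
                 expert_likelihood=[0.6, 0.7, 0.8],
                 expert_impact=[0.8, 0.9, 1.0])

if __name__ == "__main__":
    for name, r, verbal in risk_profile([PHISHING, INSIDER]):
        print(f"{name:15s} risk={r:.3f} ({verbal})")
```

The point the example makes is the fallback: a threat with no statistics is still assessed, from expert estimates alone, and the verbal term lets two threats scored on different evidence be compared on one scale. With the sample data the insider threat (expert judgment only) ranks above phishing (statistics plus judgment).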


Keywords: Method of Analysis and Information Security Risk Assessment; Risk; Risk Analysis; Risk Assessment; Risk Management; Risk Profile





