Abstract
This paper analyzes risk-management methods that are used in practice and described in the technical literature, standards, and guidelines. The analysis is aimed at classifying the methods and identifying their strengths and weaknesses in terms of practical use to solve information security problems. Based on the data obtained, various ways of implementing risk-management methods are proposed and the range of information security problems for each class of the methods is defined.
Additional information
Original Russian Text © P.A. Baranov, 2015, published in Problemy Informatsionnoi Bezopasnosti. Komp’yuternye Sistemy.
About this article
Cite this article
Baranov, P.A. Using risk-oriented approaches to solve information security problems. Aut. Control Comp. Sci. 49, 643–647 (2015). https://doi.org/10.3103/S0146411615080209
DOI: https://doi.org/10.3103/S0146411615080209