Abstract
The article is devoted to the development of methods for identifying, assessing and neutralizing risks in order to ensure the reliability and security of information systems. The regulatory requirements for risk analysis in information systems have been developed. A methodology for analyzing information security risks in the banking sector has been developed and analyzed. Effective risk reduction strategies were used. The methods studied give the user a quantitative risk assessment of the system, which eliminates the need to use expensive resources to identify risks. Research was conducted on building an Information Security Risk Management System, as well as measures and procedures for identifying, measuring, monitoring, controlling and minimizing information security risks. The purpose of the Information Security Risk Management System is to prevent and reduce the threat of negative consequences associated with the operation of information systems, as well as with external factors affecting information systems. It is aimed at minimizing the risks in the bank's activities related to violations of the integrity, confidentiality and availability of information systems.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Boranbayev, A., Boranbayev, S., Nurbekov, A. (2020). Development of the Technique for the Identification, Assessment and Neutralization of Risks in Information Systems. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1129. Springer, Cham. https://doi.org/10.1007/978-3-030-39445-5_53
DOI: https://doi.org/10.1007/978-3-030-39445-5_53
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39444-8
Online ISBN: 978-3-030-39445-5
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)