Processing confidential information in information systems is an urgent problem for both state-owned and private companies under conditions of universal informatization. Many operators processing trade secrets or personal data underestimate the possible damage caused by the disclosure, deletion or modification of confidential information, and afterwards become victims either of deliberate criminals or of lawsuits from workers whose rights were violated. The security risk assessment of confidential information processed in information systems is therefore a priority both for the operator and for the subject of the confidential information. As a result of the investigation, a procedure was developed for risk assessment of information systems processing confidential information, in which it is possible to define and process a critical group of threats, together with a system for determining a sufficient and optimal set of countermeasures among the possible ones. At the intermediate and final stages, the significance of the information security risk is determined, which reflects the measures carried out to ensure the security of confidential information.
The process of information security risk assessment based on the OCTAVE methodology.
To date, the regulatory framework of the Russian Federation has no precise mechanisms for determining the degree of damage caused by a violation of information security properties. The existing references to the degree of damage (FSTEC Order No. 17, the 2015 draft FSTEC methodology) offer an expert-based approach to determining exact values of the degree of damage; consequently, the results obtained by experts of different specializations and levels of knowledge will differ. This article presents an approach to determining the degree of social damage, based on the 2015 draft FSTEC methodology for determining information security threats in information systems (IS).