Application of a risk-based approach using reflexive risk models in building information security systems
dc.contributor.author | Arkhypov, Oleksandr | |
dc.contributor.author | Gregus, Michal | |
dc.contributor.author | Arkhypova, Yevheniia | |
dc.date.accessioned | 2021-06-14T13:14:34Z | |
dc.date.available | 2021-06-14T13:14:34Z | |
dc.date.issued | 2020 | |
dc.description.abstracten | The risk-based approach (RBA) provides certain advantages in the construction and operation of information security management systems; therefore, the most frequently applied standards in this area are based on it. But the practical application of RBA for protection against cyber threats is fraught with a number of difficulties and limits. It is shown that applying a detailed risk assessment to assess information security in an organization that intensively uses the Internet and other IT in its activities requires lengthy work to investigate vulnerabilities, calculate the private risks, and reduce them into risks of threat. Taking into account the extremely high labor costs of this procedure, it is relevant to solve the problem by assessing high-level risks. Four verbal specifications of the attacker are introduced, describing various aspects of his behavior and skills, the socio-psychological context of his actions, and the target settings of these actions, affecting the choice of the attacker's strategy, methods and ways to implement information threats. On the basis of these specifications, reflexive risk models are formed. These are mathematical models whose structure and parameters reflect the characteristics of the attacker contained in its specification. Each of these models can be tailored to its own security policy to minimize losses to the organization. The study of reflexive models in a number of cases made it possible to determine the maximum volume of investments in the information security system and to reveal the limitations in the application of the RBA to the construction of the information security system. | uk |
dc.format.pagerange | P. 130-143 | uk |
dc.identifier.citation | Arkhypov, O. Application of a risk-based approach using reflexive risk models in building information security systems / Oleksandr Arkhypov, Michal Gregus, Yevheniia Arkhypova // Proceedings of the 1st International Workshop on Computational & Information Technologies for Risk-Informed Systems (CITRisk 2020). Kherson, Ukraine, October 15-16, 2020. – Kherson, 2020. – Pp. 130-143. | uk |
dc.identifier.uri | https://ela.kpi.ua/handle/123456789/41515 | |
dc.language.iso | en | uk |
dc.publisher.place | Kherson | uk |
dc.source | CEUR workshop proceedings | uk |
dc.subject | risk-based approach | uk |
dc.subject | investments | uk |
dc.subject | reflexive risk models | uk |
dc.subject | hacker | uk |
dc.subject | information security | uk |
dc.subject | security of information | uk |
dc.subject | risk-oriented approach | uk |
dc.subject | reflexive risks | uk |
dc.title | Application of a risk-based approach using reflexive risk models in building information security systems | uk |
dc.type | Article | uk |
Files
- Name:
- CITRisk_Risk-Based Approach.pdf
- Size:
- 635.07 KB
- Format:
- Adobe Portable Document Format