About Some Risks Associated with Subjective Factors, and the Methodology for their Assessment

2021 ◽  
Vol 9 (3) ◽  
pp. 94-102
Author(s):  
A. Kozlov ◽  
N. Noga

The authors propose a methodology for assessing the risk associated with subjective factors that may affect the achievement of the final goals of business projects, including ensuring information security. Such factors may include the level of salary, the level of professionalism, and others. At the same time, we propose carrying out the risk assessment by using the fuzzy logic method, which allows us to determine the dependence of the risk on various parameters under conditions of their uncertainty. According to the authors, the proposed methodology will help avoid some incorrect management decisions in the formation of author (working) teams, which could lead to negative consequences in the further implementation of the business project. These negative consequences can be expressed in delaying the implementation period, increasing the project’s cost, or even losing business due to critical information and personnel leakage. Also, this method allows you to increase the effectiveness of personnel policy in the organisation or the company. We noted that this method is applicable not only for individual enterprises but also for corporations and associations with complex network structures.

Author(s):  
Bogdan Korniyenko ◽  
Lilia Galata

In this article, the research of information system protection by analyzing the risks for identifying threats for information security is considered. Information risk analysis is periodically conducted to identify information security threats and test the information security system. Currently, various information risk analysis techniques exist and are being used, the main difference being the quantitative or qualitative risk assessment scales. On the basis of the existing methods of testing and evaluation of the vulnerabilities for the automated system, their advantages and disadvantages, for the possibility of further comparison of the spent resources and the security of the information system, the conclusion was made regarding the determination of the optimal method of testing the information security system in the context of the simulated polygon for the protection of critical information resources. A simulation ground for the protection of critical information resources based on GNS3 application software has been developed and implemented. Among the considered methods of testing and risk analysis of the automated system, the optimal iRisk methodology was identified for testing the information security system on the basis of the simulated. The quantitative method Risk for security estimation is considered. Generalized iRisk risk assessment is calculated taking into account the following parameters: Vulnerability — vulnerability assessment, Threat — threat assessment, Control — assessment of security measures. The methodology includes a common CVSS vulnerability assessment system, which allows you to use constantly relevant coefficients for the calculation of vulnerabilities, as well as have a list of all major vulnerabilities that are associated with all modern software products that can be used in the automated system.
The known software and hardware vulnerabilities of the ground are considered and the resistance of the built network to specific threats by the iRisk method is calculated.


2020 ◽  
pp. 132-143
Author(s):  
A. N. Savrukov ◽  
N. Т. Savrukov ◽  
E. A. Kozlovskaya

This paper is the first to assess the integral level of risks in public-private partnership (PPP) projects being implemented in Russia, taking into account the stages of project implementation. The results of empirical assessments have shown that the aggregate risk level is now estimated by experts as high. The key risks are incorrect assessment of project parameters, possible change of tariffs as well as risks related to the construction stage and demand for services. The majority of risk factors in PPP projects are of sectoral, project-level nature and are not related to economic, political or legal conditions. The study has shown differences in the structure of risks that partnership subjects are willing to take and transfer to another party, which has allowed to justify the distribution of risks among participants.


2011 ◽  
Vol 130-134 ◽  
pp. 3726-3730
Author(s):  
Ya Ling Yang ◽  
Yan Hui Zhou

Risk assessment for information security is uncertainty. To control these uncertainties is of great significance for effective risk assessment [1]. There are many assessment methods, and the conclusions from them are less clear. This paper presents a fuzzy logic based information security risk assessment method FLISRAM. In this method, the results are from a comprehensive assessment for assets, threats and vulnerabilities of the information system.


Author(s):  
Ilia Pavlovich Mikhnev ◽  
Svetlana Vladimirovna Mikhneva

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.


2020 ◽  
Vol 22 (1) ◽  
pp. 6-12
Author(s):  
Nelia Volkova ◽  
Alina Mukhina ◽  

Abstract. Introduction. The issue of financial risk management of commercial banks is quite relevant today, because the activity of banks is the most risky of all. The presence of risks in banking can lead to unexpected losses, namely the loss of own resources. That’s why for the stable operation of the bank without loss the priority is to assess the financial risks, which is the basis for their further neutralization. Purpose. The purpose of the article is to develop conceptual provisions for assessing financial risks and justifying the need to neutralize them. Results. The article analyzes the impact of risks on the financial stability of a banking institution. The main methods of bank risk assessment are considered. All these include the statistical method, the analytical method, the expert method, the analogue method and the combined method. The necessity of neutralization of financial risks in order to avoid negative consequences is substantiated. Also the methods of bank risks neutralization are considered. It should be noted that these methods of neutralization can not only be used, but also supplement the list with new methods must be done, which in the future will protect the bank from the influence of undesirable factors. A conceptual approach to the assessment and neutralization of financial risks is proposed. This conceptual approach aims to ensure effective assessment of the level of risk with their subsequent neutralization. Conclusions. Use of a conceptual approach will allow an effective risk assessment and decision-making to avoid or accept risk. Thanks to using this approach, the banking institution will be able to react swiftly to the presence of financial risks and to prevent the occurrence of negative consequences, which may lead to a violation of the financial stability of the bank.

