scholarly journals STUDY OF INFORMATION SECURITY OF THE INFORMATION SERVICES MARKET

2021 ◽  
Vol 6 (2) ◽  
pp. 110-114
Author(s):  
Natalia Kondratenko
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Security ◽  
Information Society ◽  
Social Engineering ◽  
Information Services ◽  
Information Value ◽  
Industrial Society ◽  
Productivity Cost ◽  
Research Findings

The article is devoted to the study of information security of the information services market. The subject of the research is information security, and the goal of the paper is to study the information security of the information services market. Information security is considered a socio-economic challenge that can be addressed through the confident actions of the state. Data analysis confirmed the problem of information security at different levels. Information security is aimed at protecting information from unauthorized access. The development and transformation of the information services market depend on the quality metrics of the Internet. This paper deals with the issue of maintaining a sufficient level of information transparency, which is related to and interdependent on information security. The main risks and threats caused by the active introduction of information technologies and the advancement of the information services market are specified. The study found that in the day-to-day operations of each company, many risks can affect the information system due to information security breaches. Social engineering involves the use of psychological techniques to mislead users by providing information or access for attackers. In order for the company to cope with external risks in the information services market, it is necessary to build a strong risk management information system. The process of risk management is ongoing and iterative in nature, it must be repeated indefinitely as new threats and vulnerabilities emerge, especially external ones. The choice of countermeasures or controls used must strike a balance between productivity, cost, effectiveness, and the information value of the asset being protected. Conclusions: the research identified the basic principles of information security, namely confidentiality, integrity, and availability. Moreover, to increase the information security of the companies which are participants in the information services market, the author proposes implementing a range of measures within the company. Information security in the information services market is a marker of the crucial difference between the information society and the industrial society. The main hallmark of the information society is its openness. This means a significant reduction and thus a general lack of confidential information for society. The study established that the digitalization of the economy is modifying the information services market. The research findings may prove useful to businesses and governments to boost information security of the information services market. The research is based on the methods of theoretical generalization and comparison to define the concept of “information security” and its interrelations with other definitions of the relevant terminological framework. Analysis, synthesis, and scientific abstraction were used to identify factors affecting the risks and threats to information security of the information services market. There were used methods of analysis, comparison and generalization when summarizing research findings.

scholarly journals MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

2021 ◽  
Vol 335 (1) ◽  
pp. 14-18
Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Information Technologies ◽  
Business Processes ◽  
Security Audit ◽  
Security Systems ◽  
Security Models ◽  
Methods And Techniques

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.

scholarly journals INFORMATION SYSTEM SECURITY RISK MANAGEMENT ANALYSIS IN UNIVERSITAS ADVENT INDONESIA USING OCTAVE ALLEGRO METHOD

2019 ◽  
Vol 7 (1) ◽  
pp. 1715-1724
Author(s):  
Elmor Benedict Wagiu ◽  
Raminson Siregar ◽  
Raymond Maulany
Keyword(s):  
Information Technology ◽  
Information System ◽  
Risk Management ◽  
Information Security ◽  
Business Processes ◽  
Financial Information ◽  
Security Risk ◽  
System Risk ◽  
Area Of Concern ◽  
The Impact

Universitas Advent Indonesia is one of the many universities that use information technology to support their business processes in the hope that information technology will provide significant benefits. The use of information technology in supporting a business can not be separated from the risks that might be faced. for that, good management of information technology will be the key to how much risk will be faced. In this case, the researcher will conduct an analysis of information system risk management at the Universitas Advent Indonesia. The method used by researchers is OCTAVE ALLEGRO. OCTAVE ALLEGRO is a method that is often used to carry out analysis in the field of risk management and risk assessment. The purpose of this study was to identify risks that could potentially threaten business processes at Universitas Advent Indonesia by first identifying the impact of the area, determining the scale of priorities etc. The results of the study using OCTAVE Allegro is a risk reduction approach for each area of concern of each UNAI critical information asset namely student financial information, lecturer financial information, student score information, student transcript information, and class attendance data. UNAI makes written rules regarding responsibilities in maintaining information security and sanctions for violators and do socialize about the rule well gradually to Universitas Advent Indonesia employees. Re-evaluate information security by using OCTAVE Allegro method periodically, for example, once every 2 years.

scholarly journals MODERN TOOLS FOR INFORMATION SECURITY SYSTEMS

2021 ◽  
Vol 335 (1) ◽  
pp. 14-18
Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Information Technologies ◽  
Business Processes ◽  
Security Audit ◽  
Security Systems ◽  
Security Models ◽  
Methods And Techniques

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.

Research on Method of Information System Information Security Risk Management

2014 ◽  
Vol 926-930 ◽  
pp. 4105-4109
Author(s):  
Xiao Li Cao
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Systems ◽  
Information Security ◽  
Risk Analysis ◽  
Management Approach ◽  
Security Risk ◽  
System Risk ◽  
Information Security Risk ◽  
Security Risk Management

With the popularity of the Internet and global information continues to advance organizational information systems have become an important strategic resource for the survival of the importance of information security to protect its widespread concern. Once the information security organization information system is destroyed, the Organization for Security attribute information would cause tremendous impact the organization's business operation, the losses include not only economic, but also likely to organize image, reputation is a strategic competitive advantage even fatal injuries. However, the existing information systems of information security risk management approach to information system risk analysis and assessment with specific organizational environment and business background with fragmentation, lack of risk analysis and description of the formation process, carried only consider "technical" factors security decisions, lack of full expression to achieve the desired goal of a number of decisions on organizational decision-making. Therefore, the information system to carry information security risk management is essential.

Comparison and Evaluation of Information Security Models for Access Control

2014 ◽  
Vol 657 ◽  
pp. 708-712 ◽  
Author(s):  
Nicolae Anton ◽  
Anișor Nedelcu
Keyword(s):  
Information System ◽  
Risk Management ◽  
Information Security ◽  
Mathematical Models ◽  
Structural Characteristics ◽  
Future Research ◽  
Security Risk ◽  
Security Models ◽  
Security Modeling ◽  
Security Risk Management

This paper presents an approach to various forms of security and different access levels required in an information system by analyzing mathematical models that can be applied to this field. By describing their structural characteristics and how they find implementation in the study of information security, this paper underlines the necessity, means and effectiveness of information security modeling. The conclusions of this paper highlight the importance of a well-defined security risk management and how achieving this goal provides an opening for future research.

The formation of information security culture of college students

2019 ◽  
pp. 29-36
Author(s):  
I. D. Rudinskiy ◽  
D. Ya. Okolot
Keyword(s):  
College Students ◽  
Information Security ◽  
Information Society ◽  
Technical Aspect ◽  
Data Sources ◽  
Structural Components ◽  
Security Culture ◽  
The Individual ◽  
Information Security Culture ◽  
Ability And Willingness

The article discusses aspects of the formation of information security culture of college students. The relevance of the work is due to the increasing threats to the information security of the individual and society due to the rapid increase in the number of information services used. Based on this, one of the important problems of the development of the information society is the formation of a culture of information security of the individual as part of the general culture in its socio-technical aspect and as part of the professional culture of the individual. The study revealed the structural components of the phenomenon of information security culture, identified the reasons for the interest in the target group of students. It justifies the need for future mid-level specialists to form an additional universal competency that ensures the individual’s ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources. As a result of the study, recommendations were formulated on the basis of which a culture of information security for college students can be formed and developed and a decomposition of this process into enlarged stages is proposed. The proposals on the list of disciplines are formulated, within the framework of the study of which a culture of information security can develop. The authors believe that the recommendations developed will help future mid-level specialists to master the universal competency, consisting in the ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources, as well as to correctly access the necessary information and its further legitimate use, which ultimately forms a culture of information security.

Risk Management on Information Security in ABC Company

2017 ◽  
Vol 4 (1) ◽  
pp. 62-66
Author(s):  
Luyen Ha Nam
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Data Management ◽  
Management System ◽  
Risk Mitigation ◽  
Data Management System ◽  
Data Centre ◽  
Long Time ◽  
Mitigation Action ◽  
Better Than

From long, long time ago until nowadays information still takes a serious position for all aspect of life, fromindividual to organization. In ABC company information is somewhat very sensitive, very important. But how wekeep our information safe, well we have many ways to do that: in hard drive, removable disc etc. with otherorganizations they even have data centre to save their information. The objective of information security is to keep information safe from unwanted access. We applied Risk Mitigation Action framework on our data management system and after several months we have a result far better than before we use it: information more secure, quickly detect incidents, improve internal and external collaboration etc.

FORMALIZED DESCRIPTION OF THE PROCEDURE OF INFORMATION SYSTEM RISK MANAGEMENT

2018 ◽  
pp. 61-70
Author(s):  
Svetlana Sergeevna Kozunova ◽  
Alla Grigorievna Kravets
Keyword(s):  
Information System ◽  
Risk Management ◽  
Negative Consequences ◽  
Management Procedure ◽  
System Risk ◽  
Weak Points ◽  
Formalized Description ◽  
Relationship Of ◽  
The Relationship ◽  
Further Development

The article highlights the aspects of risk management in the information system. According to the analysis of the work of Russian and foreign scientists and world practices in the field of risk management, it is stated that there is a need to improve the effectiveness of risk management of information system and to develop a method for managing the risks of the information system. As a solution to the problem of effective risk management of the information system, there has been proposed a formalized procedure for managing the risks of the information system. The scientific novelty of this solution is the use of decision space and optimization space to reduce risks. This procedure allows to assess the damage, risk and effectiveness of risk management of the information system. The risks of the information system are determined and analyzed; a pyramidal risk diagram is developed. This diagram allows you to describe the relationship of risks with the components of the information system. The negative consequences to which these risks can lead are given. The analysis of methods and approaches to risk management has been carried out. Based on the results of the analysis, the methods GRAMM, CORAS, GOST R ISO / IEC scored to the maximum. The weak points of these methods and the difficulty of applying these methods in practice are described. The developed formalized risk management procedure to control the risks of information system can be used as management system’s element of the information security quality that complies with the recommendations of GOST R ISO / IEC 27003-2012. The prospect of further development of the research results is the development of management systems of risk of information system.

Sign in / Sign up

Export Citation Format

Share Document