METHODS OF ANALYZING AND ASSESSING INFORMATION SECURITY RISKS
Keywords: risk management, threats, information security, risk assessment, tool.
Abstract
This article evaluates information security risk management processes, emphasizing the critical role of risk assessment in safeguarding organizational assets. It details the stages of risk assessment (identification, analysis, evaluation, and treatment) and scrutinizes tools such as CRAMM, FRAP, RiskWatch, MSAT, and CORAS for their effectiveness across various organizational settings. A comparative analysis assesses each toolʼs strengths and limitations, providing guidance for organizations to select methodologies that align with the ISO 31000 standard.
This study aims to help organizations adapt to evolving threats and maintain compliance by enhancing their security frameworks through suitable risk assessment practices. The insights offered serve as a strategic resource for continuous improvement in information security management.
Copyright (c) 2024 Scientific journal of the Fergana State University

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.