METHODS OF ANALYZING AND ASSESSING INFORMATION SECURITY RISKS
Keywords:
risk management, threats, information security, risk assessment, tool.
Abstract
This article evaluates information security risk management processes, emphasizing the critical role of risk assessment in safeguarding organizational assets. It details the stages of risk assessment (identification, analysis, evaluation, and treatment) and scrutinizes tools such as CRAMM, FRAP, RiskWatch, MSAT, and CORAS for their effectiveness across various organizational settings. A comparative analysis assesses each tool's strengths and limitations, providing guidance for organizations to select appropriate methodologies that align with ISO 31000 standards.
This study aims to help organizations adapt to evolving threats and maintain compliance by enhancing their security frameworks through suitable risk assessment practices. The insights offered serve as a strategic resource for continuous improvement in information security management.
License
Copyright (c) 2024 Scientific journal of the Fergana State University

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.