INFORMATION SECURITY

Analysis of changes in the probability of an incident with information security

  • 1 Computer Science and Engineering Department, Technical University of Varna, Varna, Bulgaria

Abstract

Risk assessments are not a one-off action, but there are no formal guidelines on when and how often a risk assessment should be performed. Changing factors affect the risk assessment parameters. These changes most strongly influence the probability of an accident. Examining changes in the likelihood of an accident will allow for more accurate planning of periods for checking risk factors and assessing risk. In this way, the assessed risk will reflect the changes that have taken place and will lead to more adequate risk management. The analysis of the influence of the changing risk factors is made with the help of a model, which is built on the basis of one asset and the accident scenarios determined for it. The model examines the characteristics of changes in the risk factors for the asset. The probability distribution for the random number of changes is determined. The results of the changed conditions are also random. They are expressed in a change in the level of probability of an accident. For these random variables, the main probabilistic characteristics are determined and dependencies are derived that can be used for analysis.

Keywords
