Determining the period for information security risk checks

  • Technical University Varna, Bulgaria


Risk assessments are not a one-off action, but there are no formal guidelines on when and how often a risk assessment should be carried out. Changing factors affect the risk assessment parameters, and the parameter most strongly influenced by these changes is the probability of an incident. The article describes the main parameters of a model that is built on the basis of an asset and the incident scenarios defined for it. An analysis of the changes in the probability of an incident has been made. Dependencies are derived to determine the appropriate periods for checking the risk factors. These periods must keep the risk at a level that is acceptable for the organization.



