INFORMATION SECURITY
Determining the period for information security risk checks
Risk assessments are not a one-off action, but there are no formal guidelines on when and how often a risk assessment should be carried out. Changing factors affect the risk assessment parameters, and these changes most strongly affect the probability of an accident. The article describes the main parameters of a model that is built on the basis of an asset and the incident scenarios defined for it. It analyzes the changes in the probability of an accident and derives dependencies for determining the appropriate periods for checking the risk factors. These periods must ensure that the risk remains at a level acceptable to the organization.