Proceedings of the 21st International Workshop on Computer Science and Information Technologies (CSIT 2019)

Information Security Risk Assessment Methodology and Software “Rubikon”

Authors
Olga Vybornova, Igor Pidchenko, Iskandar Azhmukhamedov
Corresponding Author
Olga Vybornova
Available Online December 2019.
DOI
10.2991/csit-19.2019.40
Keywords
information security, risk assessment, subjective uncertainty, fuzzy cognitive model, acceptable risk, current risk, Rubikon, risk assessment software
Abstract

Risk assessment is an important part of ensuring the required level of information security in an organization. An urgent task is to develop a methodology for assessing information security risks that not only assesses risks at the asset level but also traces their impact on the organization’s activities. This article describes the information security risk assessment methodology “Rubikon”, which comprises an algorithm for assessing acceptable risk, a fuzzy cognitive model, and an algorithm for assessing current risks. To determine the level of acceptable risk, we propose constructing an acceptable risk curve. The developed model and the current risk assessment algorithm make it possible to determine the set of values characterizing the current level of information security risks by establishing relationships between negative events, potential threats, protective measures, implemented attacks, information assets, sub-processes and the main business processes of the organization. The results are visualized as a set of points on the “damage-probability” coordinate plane. The conclusion about the acceptability of risks is made by analyzing the location of these points relative to the acceptable risk curve. To reduce the complexity of carrying out the risk assessment procedure manually with the “Rubikon” methodology, we developed software. In addition, the article provides an example of risk assessment using this software and a comparison of the results with a proven method. This proves the adequacy and reliability of the proposed approach to information security risk assessment.

Copyright
© 2019, the Authors. Published by Atlantis Press.
Open Access
This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).


Volume Title
Proceedings of the 21st International Workshop on Computer Science and Information Technologies (CSIT 2019)
Series
Atlantis Highlights in Computer Sciences
Publication Date
December 2019
ISBN
10.2991/csit-19.2019.40
ISSN
2589-4900

Cite this article

TY  - CONF
AU  - Olga Vybornova
AU  - Igor Pidchenko
AU  - Iskandar Azhmukhamedov
PY  - 2019/12
DA  - 2019/12
TI  - Information Security Risk Assessment Methodology and Software “Rubikon”
BT  - Proceedings of the 21st International Workshop on Computer Science and Information Technologies (CSIT 2019)
PB  - Atlantis Press
SP  - 230
EP  - 235
SN  - 2589-4900
UR  - https://doi.org/10.2991/csit-19.2019.40
DO  - 10.2991/csit-19.2019.40
ID  - Vybornova2019/12
ER  -