Use of Approaches to the Methodology of Factor Analysis of Information Risks for the Quantitative Assessment of Information Risks Based on the Formation of Cause-And-Effect Links

April 16, 2019 · Declared Dead · 🏛 International Scientific-Practical Conference Problems of Infocommunications Science and Technology

"No code URL or promise found in abstract"

Evidence collected by the PWNC Scanner

Authors Ihor Dobrynin, Tamara Radivilova, Nadiia Maltseva, Dmytro Ageyev arXiv ID 1904.08384 Category cs.CR: Cryptography & Security Cross-listed cs.NI Citations 25 Venue International Scientific-Practical Conference Problems of Infocommunications Science and Technology Last Checked 3 months ago

Abstract

The paper suggests methods to the assessment of information risks, which makes the transition from a qualitative assessment of information risks (according to the factor analysis of information risks methodology) to a quantitative assessment. The development factor analysis of information risks methodology of the methodology was carried out using the mathematical apparatus of probability theory, namely Bayesian networks. A comparative analysis of the standard factor analysis of information risks methodology and the developed methodology using statistical data was carried out. During the analysis, the cause and effect relationships of the confidentiality violation have been formed, defined and given in the corresponding table and in the form of the Ishikawa diagram. As an example, it was calculated the amount of risk the company may be exposed to in case of violation of information confidentiality according to the standard factor analysis of information risks methodology and the developed methodology. It is shown that the use of proposed technique allows quantifying the risk assessment that can be obtained using the factor analysis of information risks methodology.