Use Case: Information Security Risk Assessment for Providers of Services in a Virtual Environment (CROSBI ID 706053)
Prilog sa skupa u zborniku | izvorni znanstveni rad | međunarodna recenzija
Podaci o odgovornosti
Musa, Mario ; Zorić, Petra ; Kuljanić, Tibor Mijo ; Gabelica, Nikolina
engleski
Use Case: Information Security Risk Assessment for Providers of Services in a Virtual Environment
Information and data in today’s world are the most valuable assets of an organization. Every business system, and thus the information and data that are part of such a system, is exposed to certain risks and threats. For this reason, organizations are forced to protect their assets. One of the key parameters that affect an organization’s exposure to risk is information security. Its goal is to protect information from threats. The information security risk management system establishes a mechanism for controlling and managing an acceptable level of risk in the organization. Selecting an appropriate risk assessment methodology allows the organization’s managers to prioritize risks according to their severity or some other criteria. Given the complexity of today’s information business, the Probabilistic Risk Assessment methodology has begun to be applied in information security risk assessment. By creating a use-case scenario, it is possible to conduct qualitative and quantitative risk assessments. Event trees and stable errors as part of the above methodology are used to indicate possible scenarios, as well as to find the causes of their occurrence and to model the possible failure of controls applicable to risk mitigation. This paper will present one of the use cases of information security risk assessment using these trees. Also, their application in the conditions of a complex information system will be presented on the example of an organization in the Republic of Croatia.
Information systems ; Probabilistic risk assessment ; Service availability ; Security threats
Part of the EAI/Springer Innovations in Communication and Computing book series (EAISICC)
nije evidentirano
nije evidentirano
nije evidentirano
nije evidentirano
nije evidentirano
Podaci o prilogu
379-395.
2022.
objavljeno
10.1007/978-3-030-67241-6_30
Podaci o matičnoj publikaciji
5th EAI International Conference on Management of Manufacturing Systems
Knapčíková, Lucia ; Peraković, Dragan ; Behúnová, Annamáriá ; Periša, Marko
Cham: Springer
978-3-030-67240-9
2522-8595
2522-8609
Podaci o skupu
Nepoznat skup
predavanje
29.02.1904-29.02.2096