engleski

Use Case: Information Security Risk Assessment for Providers of Services in a Virtual Environment

Information and data in today’s world are the most valuable assets of an organization. Every business system, and thus the information and data that are part of such a system, is exposed to certain risks and threats. For this reason, organizations are forced to protect their assets. One of the key parameters that affect an organization’s exposure to risk is information security. Its goal is to protect information from threats. The information security risk management system establishes a mechanism for controlling and managing an acceptable level of risk in the organization. Selecting an appropriate risk assessment methodology allows the organization’s managers to prioritize risks according to their severity or some other criteria. Given the complexity of today’s information business, the Probabilistic Risk Assessment methodology has begun to be applied in information security risk assessment. By creating a use-case scenario, it is possible to conduct qualitative and quantitative risk assessments. Event trees and stable errors as part of the above methodology are used to indicate possible scenarios, as well as to find the causes of their occurrence and to model the possible failure of controls applicable to risk mitigation. This paper will present one of the use cases of information security risk assessment using these trees. Also, their application in the conditions of a complex information system will be presented on the example of an organization in the Republic of Croatia.

Information systems ; Probabilistic risk assessment ; Service availability ; Security threats

Part of the EAI/Springer Innovations in Communication and Computing book series (EAISICC)