RISK MANAGEMENT OF INFORMATION SYSTEMS: STAGES OF THE RISK MANAGEMENT PROCESS
Abstract
The use of information systems (IS) is associated with a certain set of risks. Any assessment of information security risks begins with an inspection of the information system, identification of information resources and a description of information processing technologies. Risk, as a rule, means the possibility that a certain goal will not be achieved during the implementation of the project of automation of the enterprise. The analysis of risk factors is preceded by: planning measures to reduce the impact of risk factors on the outcome of the project and decision-making at various stages of the process of creating an information system. Risk analysis is a procedure for identifying information security (IS) risk factors and assessing their severity. IS risk analysis includes risk assessment and methods to reduce risks or reduce the associated adverse effects. The analysis first identifies the relevant factors and assesses their severity; the completeness of the identified factors increases the quality and accuracy of the predicted risks [1]. All entities that participate and make decisions in the process of enterprise automation (customer – enterprise and system integrator – supplier), carry out risk analysis, each one from his own position. Therefore, it is necessary to take economically justified protection measures when the possible damage is unacceptably large. To monitor the effectiveness of information security, periodic reassessment of risks is necessary, from the point of view of information security. Resources on the likelihood of such a breach and as part of business risks and handled in a similar manner. Thus, the overall risk assessment allows to implement the necessary measures at the level of departments, projects, specific risks or at the level of the organization as a whole. Upon completion of the overall risk assessment, risk processing is performed, which involves the adoption of one or more appropriate options that reduce the likelihood of risks and their impact on the information system.
References
Андрианов В.В., Зефиров С.Л., Голованов В.Б. Обеспечение информационной безопасности бизнеса. Москва : ЦИПСиР, 2016. 373 с.
Ибадулаев В.А., Космачев В.П. Концепция построения информационного обеспечения системы управления риском. URL: http://www.alf-center.com (дата звернення: 14.09.2021).
Основы информационной безопасности. Интернет-Университет Информационных Технологий. URL: http://www.intuit.ru (дата звернення: 15.09.2021).
Терещенко Л.О., Гужко C., Шайкан А.В. Управлінські інформаційні системи : підручник. Київ : КНЕУ, 2008. 485 с.
Andrianov V.V., Zefirov S.L., Golovanov V.B. (2016). Obespechenie informacionnoj bezopasnosti biznesa [Ensuring business information security]. Moskva: CIPSiR. (in Russian)
Ibadulaev V.A., Kosmachev V.P. (n. d.). Koncepciya postroeniya informacionnogo obespecheniya sistemy upravleniya riskom [The concept of building information support for the risk management system]. Retrieved from: http://www.alf-center.com (in Russian)
Osnovy informacionnoj bezopasnosti [Fundamentals of Information Security]. (n. d.). Internet-Universitet Informacionnyh Tekhnologij. Retrieved from: http://www.intuit.ru (in Russian)
Tereshchenko L.O., Huzhko C., Shaykan A.V. (2008). Upravlins'ki informatsiyni systemy [Management information systems]. Kyiv: KNEU. (in Ukrainian)
