Journal article details
Bezopasnostʹ Informacionnyh Tehnologij
Methods and means of analysis of risks of the information security of the enterprise
Damir Faritovich Fayzulayev [1], Boris Borisovich Morozov [1]
[1] Astrakhan State University
Keywords: CORAS; CRAMM; Microsoft Security Assessment Tool (MSAT); OCTAVE; RiskWatch; GRIF; information security analysis; analysis and assessment of IS risks; information security; methods and means of IS risk assessment
DOI: 10.26583/bit.2017.3.09
Source: DOAJ
[Abstract]

Methods and means of assessing information security risks are considered. The main problems that arise when analyzing the security of an enterprise in the field of information security are shown. A brief review is given of existing tool-based solutions to the problems of assessing the information security risks of organizations engaged in various fields of activity. The main advantages and disadvantages of risk assessment methods and of software based on these methods are analyzed. The results of the review are presented, conclusions are drawn regarding the shortcomings of the methods and tools, and the question of the optimal balance between the breadth of applicability of methods and software tools and the reliability, accuracy and adequacy of information security risk assessment is considered. We propose new additional stages of risk analysis that make it possible to improve existing methods and eliminate the shortcomings identified during the review.

[License]

Unknown   
