ISSN 2071-8594

Russian Academy of Sciences

Editor-in-Chief

Gennady Osipov

A.Zh. Abdenov, V.A. Trushin, G.A. Abdenova, Y.A. Inozemtseva. Risk calculation on the base of objective and subjective assessments in respective nodes of SIEM-system

Abstract.

The article considers risk management in the respective nodes of a SIEM system, in real time and in support of the organization's goals, as a basis for information security recommendations in enterprise information systems. Risk calculations are based on objective assessments of the probability that adverse events are realized and on predictions of the value of damage from information security violations. The recommendations include organizing an effective choice of means for protecting information resources under financial restrictions on purchasing those means.

Keywords:

risk assessment; information security; information resources; information system; adverse events; objective assessments; damages.

PP. 87-99.
