The Validity of Information Security Risk Assessment Methods for Organizations

Bibliographic Details
Published in: Scientific and Technical Information Processing, 2020-10, Vol. 47 (4), p. 241-247
Main Author: Astakhova, L. V.
Format: Article
Language: English
Description
Summary: Based on statistical data, a contradiction is shown between an increase in financial investments in the information security (IS) of organizations and a steady increase in the number of IS incidents caused by internal users. A conclusion is made about the cognitive vulnerability and low degree of validity of modern IS risk assessment methods. Stereotypes have been identified that result in cognitive errors in assessing IS risks: the priority of technical protection of information from external IS threats over organizational and technical protection from internal threats; distrust of the internal client, perception of it exclusively as an object of tough managerial influence, ignoring its subjective role in IS management; restriction of work with personnel within the IS management system to one-time measures and static criteria for assessing human risks, with inattention to systemic measures and dynamic, situational criteria. The necessity of updating standards for IS risk management, as well as the development of new methods and tools for assessing IS risks based on rejecting outdated stereotypes, is substantiated.
ISSN: 0147-6882, 1934-8118
DOI: 10.3103/S014768822004005X