Mathematical representation of developing risk management principles in grc-solution for the banking system organizations of the Russian federation and its derivation
Authors: Abramova O.S., Posternak E.V. | |
Published in issue: #4(21)/2018 | |
DOI: 10.18698/2541-8009-2018-4-294 | |
Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security |
|
Keywords: threatening in the area of information, the Bank of Russia, data asset, information security, information security risk assessment, information security tool, adversary model, information security management, information protection level |
|
Published: 11.04.2018 |
Many types of activity are actively regulated by the state in the information security area. This article considers the necessity for applying the system of the GRC class for the banking system organizations in the Russian Federation. The Bank of Russia is one of the regulators in the banking sector. The article examines the documentation that regulates the risk management process in the banking system organizations of the Russian Federation. We describe a mathematical model of the risk management techniques in the GRC-solution for the banking system organizations of the Russian Federation and its derivation, necessary for the follow-on development of the risk management techniques.
References
[1] Dorofeev A.V., Markov A.S. Information security management: basic concepts. Voprosy kiberbezopasnosti, 2014, no. 1(2), pp. 67–73.
[2] Dorofeev A.V. Information security management: risk management. Voprosy kiberbezopasnosti, 2014, no. 2(3), pp. 66–73.
[3] Mikov D.A. Analysis of methods and tools which are used in the various stages of information security risk assessment. Voprosy kiberbezopasnosti, 2014, no. 4(7), pp. 49–54.
[4] Chobanyan V.A., Shakhalov I.Yu. Analysis and synthesis of the requirements to the systems of safety of objects of the critical information infrastructure. Voprosy kiberbezopasnosti, 2013, no. 1(1), pp. 17–27.
[5] Barabanov A.V., Dorofeev A.V., Markov A.S., Tsirlov V.L. Sem’ bezopasnykh informatsionnykh tekhnologiy [Seven safe informational technologies]. Moscow, DMK Press publ., 2017, 224 p.
[6] Skvortsov M.A., Shakhalov I.Yu. Obzor metodov i sredstv otsenki riskov informatsionnoy bezopasnosti [Review on methods and tools of informational security risk assessment]. Bezopasnye informatsionnye tekhnologii (Bit-2016) [Safe Informational Technologies (BIT-2016)]. Moscow, Bauman Press, 2016, pp. 265–269.
[7] Dorofeev A.V. Information security management: transition to ISO 27001:2013. Voprosy kiberbezopasnosti, 2014, no. 3(4), pp. 69–73.
[8] Buldakova T.I., Mikov D.A. Ensuring the concordance and the adequacy of information security risk factors assessment. Voprosy kiberbezopasnosti, 2017, no. 3(21), pp. 8–15.
[9] Chuklyaev I.I. Methodical providing complex management of risks of informational security of function-oriented information resources management information systems. Voprosy kiberbezopasnosti, 2016, no. 4(17), pp. 61–71.
[10] Kazarin O.V., Repin M.M. The features of the risk analysis of confidential information leak through technical channels for creating radio-electronic equipment. Voprosy kiberbezopasnosti, 2015, no. 4(12), pp. 62–69.
[11] Petrenko Yu.A., Petrenko S.A. The best practice to control business continuity. Zashchita informatsii. Insayd, 2010, no. 5(35), pp. 12–21.
[12] Nikiforov D.A. Evolyutsiya IB. Evolution of information security: developments that have changed beyond recognition. Zashchita informatsii. Insayd, 2015, no. 6(66), pp. 44–45.
[13] Revenkov P.V., Berdyugin A.A. Expansion of the operational risk profile in banks under increase of DDoS-threats. Voprosy kiberbezopasnosti, 2017, no. 3(21), pp. 16–23.