:   .., ..
:   . II:
:  111
:  
:  2024
:   .., .. . II: // . 111. .: , 2024. .97-117. DOI: https://doi.org/10.25728/ubs.2024.111.4
:   , , ,
(.):  complex information systems, integral risk, complex assessment, accounting for uncertainty
:   . , . . , 蠖 , . , . . , SMART- .
(.):  When assessing information security risks, it isessentialto take into account thevarioustypes ofuncertaintiesthat are inherent ininformation systems.Currentmethods and algorithms forrisk assessmentmay not accountfor alloftheseuncertainties,whichcan lead to inaccuraterisk estimates.Therefore,itbecomesnecessarytodevelop a new or adapt an existing method forrisk assessmentthatconsidersall types of uncertaintyspecifictothe class of system under consideration.In this paper, webuild onourprevious idea of usinganintegrated assessment methodtoevaluateinformation risks.Thismethodaggregates assessmentsof informationsystemsbasedonstandard information security criteriasuch asconfidentiality, integrity,andavailability.By incorporating these criteria,we aim to obtain more accurate and reliable risk estimates that take into account all relevant uncertainties. In the first part of the work,wedemonstratedthat this method, with appropriate modifications, allowsfortaking into account all necessary types of uncertainty.Weproposean algorithm for identifying the structure ofanintegrated assessment tree based on the principle ofcombiningrelated criteria.We demonstrate theefficiency of the algorithm by building risk assessment trees for confidentiality, integrity,and accessibilityinSMART systems based on the Internet of Thingsusing this approach.

PDF

: 124, : 40, : 10.


© 2007.