Information Security in Organizations: A Methodology for Researching Threats, Vulnerabilities and Risks
The monograph is devoted to developing a methodology for researching threats, vulnerabilities and risks to information security in organizations. It substantiates the mathematical apparatus of the research: axiomatization of Boolean, which most adequately describes the processes of mental activity involved in constructing an expert-system model of information security in an organization and eliminates the various types of heuristics typical of artificial intelligence languages. The methodology contains descriptive (verbal) and mathematical (formalized) components. The developed technique for the formalized description of threats, vulnerabilities and risks of information protection systems, and for synthesizing the relations between them, makes it possible to fully analyze and document the requirements related to information security in the organization; to avoid the cost of excessive security measures that can result from a subjective assessment of risks; to assist in planning and implementing protection at all stages of the information system life cycle; to ensure that the work is carried out in the shortest possible time; to justify the choice of countermeasures; and to evaluate the effectiveness of countermeasures and compare their various options. The monograph provides examples of using the methods for cal factor calculations, ensuring the correctness and validity of the decisions of information security experts in organizations. Intended for managers and specialists of information protection units.