The Information Security Risk Management
The main formal tasks of the information security risk management process using functional and contextual models reflecting the basic concepts and basic functions of information security risk management systems.
Implementation of IT and program projects seems to be very complicated and taught process, associated with many uncertainties and risks. Sure, this does not mean the rejection of such projects, supposed the more responsibility for the decision making process of new information technologies implementation. To manage various problems which face project managers, it makes sense to use special risk management software. The functionality of modern risk management systems allows identifying risk occurrence, conducting scenario modeling, take the more appropriate managing decisions based on scenario analysis and mathematical calculations. All these functionality will support project manager to optimize his business activities in accordance to risk management practices and ensure better coordination and balance inside the project team. Currently there available a wide range of project management software, but it is reasonable to conduct some analysis in terms of applicability to specific IT projects. The author will review the most appropriate software solutions for the risk management in IT area, conduct competitive analysis and provide some recommendations on software selection.
Software development process nowadays faces many challenges and risks. In order to manage risks we need to understand the scope and objectives of the software developments and use the appropriate automated risk management tool. The study addresses software risk management in software development area and an approach to analysis, structuring, and evaluating risk with the help of specialized automated tools. The author provides recommendations on how to define a set of selection criteria for automated tools and analyses the growing demand for service hosting solutions and web-applications, stressing that almost any software including risk management tools can be successfully run using this method.
Ключевые слова: портфельный подход, концепция VaR, хеджирование рисков, хедж-премия, стоимость компании
The monograph is devoted to the development of research methodology of threats, vulnerabilities and risks in information security in organizations. Substantiated mathematical apparatus of research: axiomatization of Boolean , which as most adequately describes the processes of mental activity in the construction of expert system model of information security in the organization and eliminates various types of heuristics that are typical of artificial intelligence languages . Methodology contains descriptive ( verbal ) and math ( formalized ) components . The technique developed formalized description of threats, vulnerabilities and risks of information protection systems and synthesis of relations between them allows you to fully analyze and document requirements related to information security in the organization, avoiding the cost of excessive security measures possible in the subjective assessment of the risks to assist in planning and implementation of protection at all stages of the life cycle of information systems, ensure that work in the shortest possible time, provide a justification for the choice of countermeasures to evaluate the effectiveness of countermeasures to compare their various options. The monograph provides examples of using methods for cal factor calculations , ensuring correct the validity of decisions of experts in information security in organizations. For managers and specialists units for the protection of information.
World fi nancial crisis and increased volatility of major economic indicators raised attention to the problem of fi nancial risk management in corporations, and to the possibilities of fi nancial derivatives usage for hedging. In perfect markets hedging by means of derivatives allows corporations to mitigate fi nancial risks allowing for minimum costs. Current paper examines factors that restrict usage of derivatives for hedging currency risks by corporations on Russian fi nancial market. It is concluded that on Russian market it is reasonable to use internal facilities as basic method of currency risk management: asset/liability management, regulation of debt
currency structure, diversifi cation, etc. Derivatives should be used in addition to these facilities in very limited volumes for hedging the most predictable sources of risk.