D.A. Maliev1, D.V. Miskov2, M.A. Nazarenko3

1-3 Institute of Advanced Technologies and Industrial Programming (MIREA – Russian Technological University) (Moscow, Russia)

Formulation of the problem. Currently, due to the constant development of information technology and the increasing risk of leakage and breach of confidentiality of important information, much attention is paid to assessing information security risks to prevent or minimize the loss of important data belonging to companies and private users. Information Risk Factor Analysis (FAIR) is a risk management system that can help companies understand, analyze and measure information risk. Risk measurement serves as the basis for making informed decisions on the implementation of information security tools.

Target. Consider information security risk management using FAIR using the example of an electronics industry enterprise.

Results. The main aspects of managing and analyzing information security risks, as well as concepts and judgments on risk assessments are given. The taxonomy of factors contributing to risk and their mutual influence are considered. A risk management framework is presented that can help organizations understand, analyze and measure information risk. Definitions of risk variables are given, their application, data collection, ontology of fair analysis, range estimation, indicators and reporting are considered.

Practical significance. The analysis carried out will help to justify the introduction of tools for the deployment of encryption at the enterprise of the electronics industry.

Maliev D.A., Miskov D.V., Nazarenko M.A. Information security risk management in the electronics industry. Nonlinear World. 2022. V. 20. № 4. 2022. P. 51-59. DOI: https://doi.org/10.18127/j20700970-202204-05 (In Russian)

1. Jack F., Jack J. Measuring and Managing Information Risk. A FAIR approach. USA: Elsevier Inc. 2015.
2. Mahovikova G.A., Kas'janenko T.G. Analiz i ocenka riskov v biznese. M.: Jursajt. 2016 (In Russian).
3. Mihajlova N.V. Metody ocenki i analiza riskov.Tekst : neposredstvennyj. Materialy XVI Mezhdunar. nauch. konf. «Issledovanija molodyh uchenyh» (g. Kazan', janvar' 2021 g.). Kazan': Molodoj uchenyj. 2021. S. 9-11. URL: https://moluch.ru/conf/stud/archive/386/16258/ (data obrashhenija: 26.11.2021) (In Russian).
4. Shvec S.K. Analiz i ocenka riskov kompanii. SPB: 2015 (In Russian).
5. Voprosy upravlenija informacionnoj bezopasnost'ju. Vyp. 2. Ucheb. posobie dlja vuzov. Izd. 2-e, ispr. M.: Gorjachaja linija-Telekom. 2014. 130 s. (In Russian).