Modifications of the Formal Risk Analysis and Assessment for the Information System Security
More details
Hide details
1
Faculty of Computer Sciences and Information Technology, West Pomeranian University of Technology, Al. Piastów 17, Szczecin, Poland
2
Faculty of Applied Informatics and Mathematics, Warsaw University of Life Sciences, ul. Nowoursynowska 159, Warsaw, Poland
Adv. Sci. Technol. Res. J. 2024; 18(2):317-332
KEYWORDS
TOPICS
ABSTRACT
In the article, a modification of Formal Model of Risk Analysis FoMRA was proposed. The Modified FoMRA (1) method takes into account the guidelines of ISO/IEC 27001 and ISO/IEC 27005 standards. The applied modification and abstraction by resources and security controls (also called countermeasures) significantly shortened the time of risk weight calculation in comparison with the MEHARI method. An attempt was also made to further reduce the time of risk analysis using agents collecting information and data from various network nodes, from operating systems and devices, and additional agents containing information on reports on security procedures, security services, security management and organizational activities related to the information systems (maintenance, insurance, outsourcing contracts, etc.) and transfer it to the local FoMRA1 database. The obtained results indicate that the proposed method together with agents installed in various nodes enable a quick reaction to the system threats and prevention of their impacts (quasi-real-time security monitoring system).