Entry

Information Security Risk Assessment

Ievgeniia Kuzminykh 1,*, Bogdan Ghita 2, Volodymyr Sokolov 3 and Taimur Bakhshi 4

1 Department of Informatics, King’s College London, London WC2R 2ND, UK
2 School of Engineering, Computing and Mathematics, University of Plymouth, Plymouth PL4 8AA, UK; [email protected]
3 Department of Information and Cyber Security, Borys Grinchenko Kyiv University, 04212 Kyiv, Ukraine; [email protected]
4 Center for Information Management and Cyber Security, Foundation for Advancement of Science & Technology, Lahore 54770, Pakistan; [email protected]
* Correspondence: [email protected]

Definition: Information security risk assessment is an important part of an enterprise’s management practices: it helps to identify, quantify, and prioritize risks against the organization’s criteria for risk acceptance and its relevant objectives. Risk management refers to the process of identifying, managing, and eliminating or reducing the likelihood of events that can negatively affect the resources of an information system, so as to reduce the security risks that could affect that system, subject to an acceptable cost of the protection means. This process comprises a risk analysis, an analysis of the “cost-effectiveness” parameter, the selection, construction, and testing of the security subsystem, and the study of all aspects of security.

Keywords: information risk management; security risk assessment; risk classification; OCTAVE; CRAMM; RiskWatch; fuzzy logic

Citation: Kuzminykh, I.; Ghita, B.; Sokolov, V.; Bakhshi, T. Information Security Risk Assessment. Encyclopedia 2021, 1, 602–617. https://

1. Introduction

Over time, the complexity of information systems is increasing, and, therefore, the issues of information security are becoming increasingly important for any organization.
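As an added illustration of the identify, quantify, prioritize and cost-effectiveness steps named in the definition above (example code written for this page, not code from the entry or its authors): it uses the standard annualized loss expectancy model, ALE = SLE × ARO, which the entry does not itself define, and every asset value, occurrence rate and control cost below is constructed sample data. Risks whose ALE exceeds an assumed acceptance threshold are flagged for treatment, and for each of them the control with the largest positive net benefit (ALE reduction minus annual cost) is selected; a control whose cost exceeds the loss it avoids is rejected.

```python
"""Quantitative risk assessment with an acceptance threshold and
cost-effective control selection (illustrative example, constructed data).

Model (standard quantitative risk analysis, assumed here):
  SLE = asset value * exposure factor      (loss per incident)
  ALE = SLE * ARO                          (expected annual loss)
"""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    asset_value: float      # monetary value of the affected asset
    exposure_factor: float  # fraction of the asset lost per incident (0..1)
    aro: float              # annualized rate of occurrence (incidents/year)

    @property
    def sle(self) -> float:
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        return self.sle * self.aro


@dataclass
class Control:
    name: str
    risk: str               # name of the risk the control treats
    annual_cost: float
    aro_reduction: float    # fraction by which the control lowers ARO (0..1)


def prioritize(risks, acceptance_threshold):
    """Split risks into (unacceptable, accepted); unacceptable sorted by ALE, highest first."""
    unacceptable = sorted((r for r in risks if r.ale > acceptance_threshold),
                          key=lambda r: r.ale, reverse=True)
    accepted = [r for r in risks if r.ale <= acceptance_threshold]
    return unacceptable, accepted


def residual_ale(risk, control):
    """Expected annual loss that remains once the control is in place."""
    return risk.sle * risk.aro * (1.0 - control.aro_reduction)


def control_benefit(risk, control):
    """Net annual benefit of a control: ALE reduction minus its annual cost."""
    return (risk.ale - residual_ale(risk, control)) - control.annual_cost


def select_controls(risks, controls):
    """For each risk, choose the control with the highest positive net benefit.

    Returns {risk name: (control name, net benefit)}; risks for which no control
    pays for itself are absent from the result.
    """
    by_name = {r.name: r for r in risks}
    chosen = {}
    for c in controls:
        benefit = control_benefit(by_name[c.risk], c)
        if benefit <= 0:
            continue  # not cost-effective: costs more than the loss it avoids
        if c.risk not in chosen or benefit > chosen[c.risk][1]:
            chosen[c.risk] = (c.name, benefit)
    return chosen


# Constructed sample risk register and candidate controls (not real figures).
RISKS = [
    Risk("ransomware on file server", asset_value=500_000, exposure_factor=0.6, aro=0.2),
    Risk("laptop theft", asset_value=3_000, exposure_factor=1.0, aro=2.0),
    Risk("web app SQL injection", asset_value=200_000, exposure_factor=0.5, aro=0.5),
]
CONTROLS = [
    Control("offline backups", "ransomware on file server", annual_cost=8_000, aro_reduction=0.8),
    Control("EDR on all hosts", "ransomware on file server", annual_cost=30_000, aro_reduction=0.9),
    Control("cable locks and asset tracking", "laptop theft", annual_cost=4_000, aro_reduction=0.5),
    Control("parameterized queries and WAF", "web app SQL injection", annual_cost=15_000, aro_reduction=0.9),
]
ACCEPTANCE_THRESHOLD = 10_000  # assumed organizational risk acceptance criterion (ALE per year)


def main():
    unacceptable, accepted = prioritize(RISKS, ACCEPTANCE_THRESHOLD)
    print("Risks requiring treatment (ALE > %d):" % ACCEPTANCE_THRESHOLD)
    for r in unacceptable:
        print("  %-28s SLE=%10.0f  ALE=%9.0f" % (r.name, r.sle, r.ale))
    print("Accepted risks:", [r.name for r in accepted])
    print("Selected controls:")
    for risk_name, (ctrl, benefit) in select_controls(RISKS, CONTROLS).items():
        print("  %-28s -> %s (net benefit %.0f/year)" % (risk_name, ctrl, benefit))


if __name__ == "__main__":
    main()
```

With these figures the ransomware and SQL-injection risks exceed the threshold and laptop theft is accepted; "offline backups" beats the more expensive EDR option on net benefit, and the laptop control is rejected because its cost exceeds the loss it would avoid.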