Assessment of information risks based on expert information (for example, SBHI AR "Medical prevention center")
Abstract
Assessment of information risks based on expert information (for example, SBHI AR "Medical prevention center")
Incoming article date: 02.08.2016Now risks associated with the violation of information security properties become especially relevant, including for medical institutions. This article describes the technique of assessment of information risks, including the algorithm of assessment of the acceptable risk, fuzzy cognitive model and the algorithm of expert assessment of the current risks. The proposed model and algorithm of assessment of current risks allows defining of multiple points that characterize the current level of information risks on a coordinate plane "damage - probability". The main difference between the described method and already existent ones – is determination of asset significance for company that allows making reasonable management decisions in the end. The offered technique has been applied in the state budgetary healthcare institution of Astrakhan region "Medical prevention center": curve of acceptable risk is constructed; the current (relevant) information risks are estimated. Then results of assessment were used for making management decisions on lowering the risks to acceptable values.
Keywords: assessment of information risks, acceptable risk, current risk, fuzzy cognitive model, information asset, expert information, medical prevention center