Biblio

Filters: Author is Aleksandrov, Mark N.  [Clear All Filters]
2023-01-13
Mandrakov, Egor S., Dudina, Diana A., Vasiliev, Vicror A., Aleksandrov, Mark N..  2022.  Risk Management Process in the Digital Environment. 2022 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). :108–111.
Currently, many organizations are moving to new digital management systems, which is accompanied not only by the introduction of new approaches based on the use of information technology, but also by a change in the organizational and management environment. Risk management is a process necessary to maintain the competitive advantage of an organization, but it can also become involved in the course of digitalization itself, which means that risk management also needs to change to meet modern conditions and ensure the effectiveness of the organization. This article discusses the risk management process in the digital environment. The main approach to the organization of this process is outlined, taking into account the use of information tools, together with the stages of this process, which directly affect the efficiency of the company. The risks that are specific to a digital organization are taken into account. Modern requirements for risk management for organizations are studied, ways of their implementation are outlined. The result is a risk management process that functions in a digital organization.
2022-11-18
Aleksandrov, Mark N., Vasiliev, Victor A., Aleksandrova, Svetlana V..  2021.  Implementation of the Risk-based Approach Methodology in Information Security Management Systems. 2021 International Conference on Quality Management, Transport and Information Security, Information Technologies (IT&QM&IS). :137—139.
Currently, most companies systematically face challenges related to the loss of significant confidential information, including legally significant information, such as personal data of customers. To solve the problem of maintaining the confidentiality, integrity and availability of information, companies are increasingly using the methodology laid down in the basis of the international standard ISO / IEC 27001. Information security risk management is a process of continuous monitoring and systematic analysis of the internal and external environment of the IT environment, associated with the further adoption and implementation of management decisions aimed at reducing the likelihood of an unfavorable result and minimizing possible threats to business caused by the loss of manageability of information that is important for the organization. The article considers the problems and approaches to the development, practical implementation, and methodology of risk management based on the international standard ISO 31000 in the modern information security management system.