Socio-technical aspects of information risks

Authors: Filippov D.L., Boyko E.V.  
Published: 12.05.2020  
Published in issue: #2(82)/2020  
DOI: 10.18698/2306-8477-2020-2-657  
Category: The Humanities in Technical University | Chapter: Social sciences  
Keywords: information risk, human factor, formation of competences

The paper considers the components of information risks. It indicates that the number of incidents caused by the human factor in its various manifestations remains very large, and that the actions of an internal intruder can be differentiated by the degree of the intruder's awareness of the probability and extent of the damage. It also points out that some national features of information security management can activate the social aspects of information risks.
