Development of a comprehensive methodology for assessing information security risks in a commercial bank

Abstract

Read online

This paper discusses the methods of improving the security of the information system of a commercial bank. The subject of the study is a comprehensive methodology for assessing information security used to determine the level of security and risk of information security of an automated system based on predictive estimates and specialized software tools. The purpose of the study and the carried out analysis are to improve the effectiveness of decisions made when performing work on risk assessment and management in a commercial bank. The results presented in the framework of the developed methodology can be used to solve the problems of increasing the reliability of an automated information system in various fields and sectors of activity, including organizations of the industrial sector, as well as commercial organizations. The main approaches used in the development of a comprehensive risk assessment methodology relate to the methods of expert assessment, the theory of random Markov processes, methods and models of mathematical statistics and probability theory, methods of applied system analysis and forecasting.

Keywords

• risk assessment, information technology, commercial bank, information system, information security tools, automated information system.