Journal of Information and Organizational Sciences (Jun 2006)
IDENTIFICATION OF THE FREQUENCY AND THE INTENSITY OF THE THREATS IN THE FUNCTION OF DEVELOPMENT OF THE INFORMATION SYSTEM
Abstract
In the process of development of the security system of the information system, the risk assessment is the foundation for selection of the security measures. The reduction of the level of risk and the amount of costs depend upon the adequate selection of the security measures. The quality of the risk assessment depends upon the adequate assessment of the form and the intensity of the threats. If the forms of threats are not monitored in the business system, it should make its own threat assessment, or use experience of others. The best, but also the most time-consuming solution is to develop own security system, while the fastest way is to use experience of others. However, there is the problem of migration of some other solution to our own system. Depending upon the question whether we are adopting the experiences of domestic or foreign business systems, the question of the applicability to the system from the different business environment becomes relevant. This happens because of the significant differences in the form and intensity of threats in certain local environments or different branches of industry.