COMPARATIVE ANALYSIS OF STANDARDS AND METHODOLOGIES FOR MANAGEMENT OF INFORMATION-SECURITY RISKS OF TECHNICAL AND ELECTRONIC SYSTEMS OF THE CRITICAL INFRASTRUCTURE
Abstract
Information security is a priority at the national and global level, which gives rise to the need to define specific categories of security violations, with the ultimate goal of successfully preventing information breaches and, where they do occur, quickly and successfully remediating their consequences.
In a cyber-war scenario, the energy and financial sectors are considered the most critical to national security. The identification of key weaknesses, risks and potential exposure to cyber threats in energy systems, as well as of the actors behind cyber incidents, can be carried out on the basis of envisioned cyber-attack scenarios.
At the global level, several models exist for assessing and managing security risk (ISO/IEC 27001, NIST 800-53, COBIT, OCTAVE Allegro, etc.); the main goal of this research is therefore to distill and compare the characteristics of the most frequently used methodologies, enabling the selection of the model best suited to successfully preventing information breaches and to quickly and successfully remediating their consequences.
This paper analyzes the application of current standards and methodologies for managing information-security risks in the elements of critical infrastructure (CI), assesses the degree to which these standards and methodologies are applied in the institutions that form part of CI, and identifies ways to improve the management of current information-security risks.