MODELS FOR ASSESSING RESIDUAL RISK IN INFORMATION SYSTEMS
DOI: 10.31673/2409-7292.2025.016743
Abstract
The article considers new models for assessing residual risk in information systems. The proposed models allow for a
more accurate assessment of the state of cybersecurity by taking into account various risk factors and mechanisms of their
influence. The practical application of the models to increase the effectiveness of information protection systems is described.
The results obtained can be used to improve the cyber protection of organizations and critical information systems. New models
for assessing residual risk are presented that take into account the impact of different types of threats, the level of IS security,
and the dynamics of changes in the cyber threat environment.
Keywords: cybersecurity, information system, residual risk, assessment models, cyber protection.