Company's Information and Telecommunication Networks Security Risk Assesment Algorithm

摘要

An information security and protection has the great importance for a state, company or man. At the state level the information security and protection is governed by laws. Meanwhile, at the enterprise level such laws do not exist or are not very clear. But at these days almost all companies and institutions dispose the information which must be protected. In the some companies the information's component consist of almost 100% production. The loss of information or its modification can have not only economic consequences but also sometimes can be a reason of the disaster with the victims of human. All business enterprises use the Information and telecommunications (ITN) networks. However, the use of such network is associated with the threats to the all network, to the network elements or the business itself. So the company's leaders and security service has the problem how to protect information from internal and external threats. The information security's one of the most important aspect is the information loss risk assessment. In the market it is possible to get such risk assessment tools. But they are expensive. Therefore, many of the small and medium-sized companies are not able to use such tools to assess the information loss risk. In addition, many of the existing threats assessment algorithms are adapted to needs of the state or big companies. Therefore, it is not appropriate to use these algorithms in the small and medium-sized enterprises. Some of the international agreements in cyberspace (eg, ACT) can also cause problems for such companies in the information security field.