Analysis and Management of Information Security Risks in a Commercial Company

Student: Nikitin Andrey

Educational Programme: Information Security Management (Master)

Year of Graduation: 2019

ANNOTATION to the master's thesis on “Analysis and risk management of information security in a commercial company” A student of the Faculty of Business and Management, National Research University "Higher School of Economics" Information Security Management programs Nikitin Andrey Olegovich The object of study is the corporate information service systems of a commercial company and the process of identifying and calculating information security risks. The purpose of the study is to develop a method for analyzing and managing information security risks. To achieve this goal requires the following tasks: 1. Analysis and modeling of typical structural and functional characteristics of the process of risk management of information technology object information and information processing. 2. Building a generalized model of information security threats and information processing. 3. Development of a complex of fuzzy models for assessing and modeling information security risks. 4. Practical testing of the developed approaches to the assessment of information security risks in information processing systems. To solve the tasks in the thesis work, the following methods were used: 1. Review of generally accepted methods and standards for assessing information security risks 2. Observation. 3. Practical method. The master's thesis was completed on ninety-nine pages; it consists of an introduction, four chapters, a conclusion and a list of references consisting of twenty-four sources. The first chapter of the work "Research and structural-functional modeling of a generalized risk management process" reveals the essence of project management. And the concept of a process approach. The second chapter discusses the qualitative and quantitative methods for analyzing information security risks. Presents well-known techniques. The third chapter presents a software description of the implementation of a fuzzy risk management model, including development in the Matlab environment. In this paper, information security risk management methodologies were reviewed and an approach was proposed for risk management with implementation in the Matlab environment in the form of developing a set of fuzzy models for assessing and modeling information security risks. The results of this study will be presented in a leading pharmaceutical manufacturing company in Russia.

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.

Search all student theses