Methodology for assessing the risk associated with information and knowledge loss management

Abstract

In practice, there is a massive time lag between data loss and its cause identification. The existing techniques perform it comprehensively, but they consume too much time, so there is a need for fast and reliable methods. The article’s purpose is to develop a rapid methodology to assess the risk of information and knowledge loss management. It provides the implementation of eight steps and combines a risk mapping method modified by assessments based on risk factors and incidents as elements from set theory and using formalization via binary estimates. The methodology includes five significant events caused by the company staff, technical problems, software, cybercriminals, viral attacks, and 66 factors influencing company incidents. As a result, a risk map of 9 groups was built for a Ukrainian enterprise. Only two groups with the minimum number of incidents and low losses are represented by all five incidents. The defined overall level of each risk group ranges from 0.14 to 0.26, which indicates a low probability of all happenings in the group. In general, the resulting map shows the existence of specific security problems of the company under investigation. The proposed assessment allows us to interpret the level of risk in the company quickly, identify weaknesses in the information security system, and predict future losses.