Main Approaches to the Analysis and Estimation of Risks of Information Security

When constructing the system of ensuring information security developers are faced with the problem of determining the required level of availability, integrity and confidentiality of information resources and supporting infrastructure. To search for «borders» of the information system security certain standards and regulations in the field of information security can be used, but they are not always clearly defined. Certain methods of risk management are used to identify risks, rank them by severity, likelihood of occurrence, and to develop a method for the treatment of these risks. The article describes the purpose of systems analysis and risk assessment, discusses the necessity and the reasons for the emergence of such systems, describes and compares the main approaches to the problem of risk management and describes and compares existing software tools that utilize these approaches.