SNW-аналіз підходів до побудови систем управління інформаційною безпекою

Abstract

This work compares the risk-based and game-theoretic approaches to building an Information Security Management Systems (ISMS). The study estimates these methods based on criteria such as risk assessment methodology, adaptability to evolving threats, implementation complexity, and consideration of attacker behavior. The risk-based approach ensures compliance with international standards and provides a structured methodology for security management. In contrast, the game-theoretic approach enables adaptive decision-making by anticipating an attacker's strategies. The analysis highlights the strengths and limitations of both methods, demonstrating that their combination offers a more effective ISMS model.