Methods and Approaches to Investigating Information Risks by Means of Economic Cost Models

The article deals with legal documents in the field of information security, methods of the information risk assessment including economic cost models for identifying probabilistic parameters and structure of information risks and application of these models to the analysis of investments in information security projects. An adequate assessment of information risk and optimization of investments amount in the information security projects are based on approaches and procedures contained in the international standards for managing information security risks. Unfortunately, these standards are largely conceptual and advisory without taking into account of many factors that significantly affect the accuracy and objectivity of risk assessment. Economic approach to the analysis of risks including the known Gordon-Loeb model is focused mainly on the optimal risk management in general without tailoring to the real object producing risks. We offer models that use heuristic motivational and cost mechanisms to determine the parameters and the structure of risks. These models set links between international standards of the analysis and risk assessment and approaches to the risk optimization presented in the Gordon-Loeb model. To ensure a greater compatibility of these models and practical requirements that must be met through their structure, we introduced the information about the psycho-social characteristics of the intruder.