Analysis and treatment of risks in information systems

Abstract

The risk is the mathematical estimation of the probability of human loss, material damage, environmental damage, social and psychological damage, over a reference period, respectively future and in a given area, for a certain type of risk event. Risk is defined as a product between the probability of the disaster occurring and its impact [1]. Risks exist in all information systems, but they do not necessarily occur. Most experts are of the opinion: the sooner the potential danger will be determined, the more time it will remain for the team of designers to neutralize it or minimize the losses. Thus, the identification of risks must be carried out at the beginning of the works on the information systems. The risks that affect a system and that must be considered at the estimation stage can be differentiated as inherent risks, control risks and undetected risks.