Information Systems Risk Analysis and Control in Testing Laboratories
pdf (Georgian)

Keywords

Information systems
Risk analysis
Risk control
ISO/IEC 17025
ISO/IEC 27001

How to Cite

Tsereteli, T., Otkhozoria, N., & Kapanadze, D. (2026). Information Systems Risk Analysis and Control in Testing Laboratories. International Scientific-Practical Conference: „Modern Challenges and Achievements in Information and Communication Technologies“ Transactions, 4, 370-375. https://papers.4science.ge/index.php/mcaaict/article/view/435

Abstract

The article examines modern approaches to the analysis and control of information system risks in ISO/IEC 17025 accredited laboratories. Particular attention is given to the reliability of measurement data related to transformer electrical parameters, the compromise of which can significantly impact the safety and economic stability of the energy sector. The novelty of the research lies in the development of an integrated model that combines international standards (ISO/IEC 27001, ISO/IEC 17025, NIST, ENISA), mathematical modeling methods (Bayesian networks, Fault Tree Analysis, Monte Carlo simulation), and both preventive and reactive security mechanisms (MFA, SIEM, backup recovery plans). The results demonstrate that the proposed model significantly reduces the probability of risk occurrence and potential economic loss, increases the number of identified threats, and provides deeper insight into critical cause-effect relationships. The presented approach offers an effective tool for enhancing the resilience and security of information systems in accredited laboratories.

