Minor and Junior Oil Companies Problems in Russia

“…Vulnerability in itself does not cause damage it is only a condition or set of conditions that allows a threat to harm assets. When a threat is realized, one or more vulnerabilities of an asset can be used [58]. At that, one type of vulnerability can lead to many various security threats.…”

“…However, obtaining accurate P t i , P γ ψ , L l , and R l values is not an easy task. This is often not possible in practice [58]. In addition, to paraphrase Zadeh [65], as system complexity increases, analytical precision decreases [35].…”

“…An analysis of various relevant sources on the problems of information risk management [53,58,66,67] showed that to evaluate P t it is enough to enter three verbal gradations with the corresponding approximate quantitative estimates, without which any qualitative scale is meaningless:…”

“…This three-level scale, as noted by some experts [53,58,66,67], is usually sufficient for an initial high-level assessment. This is explained by the fact that estimates of the expected frequency of occurrence of a threat from level to level on a qualitative scale differ significantly, so it is unlikely that competent experts would be greatly mistaken in their estimates.…”

“…On the other hand, the value of the frequency estimate can be converted into the numerical equivalent of the probability of the threat occurrence, corresponding to a certain range of values. The results of the analysis of relevant sources [66,68,69] Then, using the well-known qualitative scales used in assessing information security risks [53,58,66,67], in particular, a three-level qualitative scale, we define the names of fuzzy variables-a set of values of a term-set T: T = {"low likelihood", "moderate likelihood", "high likelihood"} = {"L", "M", "H"}, that is α 1 = "L", α 2 = "M", α 3 = "H".…”

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model

“…Vulnerability in itself does not cause damage it is only a condition or set of conditions that allows a threat to harm assets. When a threat is realized, one or more vulnerabilities of an asset can be used [58]. At that, one type of vulnerability can lead to many various security threats.…”

“…However, obtaining accurate P t i , P γ ψ , L l , and R l values is not an easy task. This is often not possible in practice [58]. In addition, to paraphrase Zadeh [65], as system complexity increases, analytical precision decreases [35].…”

“…An analysis of various relevant sources on the problems of information risk management [53,58,66,67] showed that to evaluate P t it is enough to enter three verbal gradations with the corresponding approximate quantitative estimates, without which any qualitative scale is meaningless:…”

“…This three-level scale, as noted by some experts [53,58,66,67], is usually sufficient for an initial high-level assessment. This is explained by the fact that estimates of the expected frequency of occurrence of a threat from level to level on a qualitative scale differ significantly, so it is unlikely that competent experts would be greatly mistaken in their estimates.…”

“…On the other hand, the value of the frequency estimate can be converted into the numerical equivalent of the probability of the threat occurrence, corresponding to a certain range of values. The results of the analysis of relevant sources [66,68,69] Then, using the well-known qualitative scales used in assessing information security risks [53,58,66,67], in particular, a three-level qualitative scale, we define the names of fuzzy variables-a set of values of a term-set T: T = {"low likelihood", "moderate likelihood", "high likelihood"} = {"L", "M", "H"}, that is α 1 = "L", α 2 = "M", α 3 = "H".…”

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model