Risk Analysis and Control of Information Systems in ISO/IEC 17025 Accredited Testing Laboratories
In the era of digital transformation, information security has become a critical determinant of reliability in ISO/IEC 17025 accredited testing laboratories, especially those conducting transformer parameter measurements that directly influence national energy infrastructure. This study develops a comprehensive risk analysis and control framework grounded in ISO/IEC 27005 and NIST SP 800-30 methodologies and enhanced with modern cybersecurity mechanisms, including Zero Trust architecture, DevSecOps practices, automated monitoring, and disaster recovery solutions. To provide an integrated evaluation of laboratory information system resilience, the research introduces a Trustworthiness Index (TI), combining confidentiality, integrity, and availability as core security attributes. Simulation results involving three hypothetical laboratories demonstrate that the implementation of advanced control mechanisms significantly increases TI values—from medium trustworthiness levels (55–68) to high levels (78–85). Additionally, an optimization model using the Steepest Ascent Method identifies the most effective configuration of controls for each laboratory profile, ensuring resource-efficient security enhancement. The findings reveal that compliance with ISO/IEC 17025 alone is insufficient to guarantee comprehensive information security, highlighting the need for systematic integration of international cybersecurity standards. Future work will involve validating the proposed model using real laboratory data and extending the TI methodology to multi-criteria or weighted assessment approaches.
ISO/IEC 17025:2017. General requirements for the competence of testing and calibration laboratories. Geneva: ISO.
ISO/IEC 27005:2022. Information security, cybersecurity and privacy protection — Guidance on information security risk management. Geneva: ISO.
NIST SP 800-30 Rev. 1. (2022). Guide for Conducting Risk Assessments. National Institute of Standards and Technology, U.S. Department of Commerce.
Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture (NIST SP 800-207). Gaithersburg: NIST.
Humayed, A., Lin, J., Li, F., & Luo, B. (2021). “Cyber-Physical Systems Security—A Survey.” IEEE Internet of Things Journal, 8(7), 5606–5625.
Abomhara, M., & Koien, G. M. (2021). “Security and Privacy in Cloud Computing: Current Challenges and Future Research Directions.” Journal of Cloud Computing, 10(1), 50.
Shackleford, D. (2022). DevSecOps Practices and Tools: A Guide for Secure Development and Operations. SANS Institute.
Ahmad, R. W., Gani, A., & Hamid, S. H. A. (2023). “Resilience and Reliability in Cloud-based Critical Infrastructures.” Future Generation Computer Systems, 143, 230–243.
Georgescu, A. (2024). “Trustworthiness in Digital Infrastructures: Towards a Unified Index for Risk Assessment.” International Journal of Information Security Science, 13(1), 11–25.
ENISA (2025). Cybersecurity Guidelines for Testing and Calibration Laboratories. European Union Agency for Cybersecurity.
Otkhozoria, N., Otkhozoria, V., & Khorava, S. (2022). Search for an Extremum Using the Steepest Descent Method under the Conditions of Experimental Errors. World Science, 2(74). https://doi.org/10.31435/rsglobal_ws/28022022/7785
Otkhozoria, N., Petriashvili, L., Zhvania, T., & Lortkipanidze, N. (2025). Information Risk Analysis in Laboratories Complying with ISO/IEC 17025 Standard. International Science Journal of Engineering & Agriculture, 4(5), 50–61. https://doi.org/10.46299/j.isjea.20250405.05
Lortkipanidze, N., & Otkhozoria, N. (2024). Navigating business excellence: The crucial role of information technology service management through best practice ITIL. Georgian Scientists, 6(1), 120–124. https://doi.org/10.52340/gs.2024.06.01.15
Otkhozoria, N., Petriashvili, L., Zhvania, T., & Imerlishvili, A. (2025). Advancing information system testing: challenges, methods, and practical recommendations. International Science Journal of Engineering & Agriculture, 4(2), 203–214. https://doi.org/10.46299/j.isjea.20250402.13
Chkheidze, I., Otkhozoria, N., & Narchemashvili, M. (2021). Evaluation of Measurement Quality Using the Monte-Carlo Method. Universum, 65–70. https://doi.org/10.32743/UniTech.2021.84.3-4.65-70
Otkhozoria, N., Tsiklauri, N., & Otkhozoria, V. (2024). Selection of Mathematical Optimization Methods for Solving Engineering Practice Problems. Georgian Scientists, 6(2), 286–293. https://doi.org/10.52340/gs.2024.06.02.30
Copyright (c) 2025 Georgian Scientists

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

