Algorithm of information security risk assessment based on fuzzymultiple approach

Abstract

The accession of humanity to the era of high-end technology has accelerated the development of Internet technologies, which has encouraged the booming development of automated information systems (AIS), which are gaining popularity. Currently threats combine the influence of all components of security. Threats have gained signs of hybridization. Providing information security is part of the information system management as a whole. In this case, one of the most important components of the InfoSec management system is the risk assessment, which is intended to determine the effectiveness of the applicable protection mechanisms based on the corresponding metrics. The calculations of the system information security level in comparison to the calculations using the FAIR methodology are given in the work. It is possible to state that the proposed methodology does not yield to its efficiency. Indeed, under the same input conditions, identical values of the indicators in the linguistic form of evaluation were obtained. The methodology provides an opportunity to translate the obtained results of risk assessment from a mathematical language into a linguistic form that is more comprehensible to the decision-maker. This increases the effectiveness of the management of automated information systems protection mechanisms.