New method for assessing the risk of automated information systems information security based on fuzzy-multiple approach

Abstract

The subject of the study is the process of assessing the level of information security risk that is being implemented with the help of the fuzzy logic apparatus. The purpose of this work is to develop a methodology for assessing the degree of information security risk, which would avoid the uncertainty factor, that occurs when some parts of information about the analyzed automated information system are absent. The methodology is based on the use of fuzzy logic and fuzzy sets. Which implies the introduction of the term sets for each of the system characteristics and the linguistic assessment of the indicators. The tasks to be solved are to analyze existing information security risk assessment methodologies for identifying their strengths and weaknesses. On the basis of the conducted analysis, a new method for assessing the risk of automated information systems information security is proposed. The following results were obtained: the advantages and disadvantages of qualitative and quantitative methodologies for assessing the risk degree of automated systems information security were identified; the main stages of the proposed methodology were described; the degree of information security risk is calculated in comparison to the FAIR methodology. Conclusion: The methodology provides an opportunity to translate the obtained results of risk assessment from a mathematical language into a linguistic form that is more comprehensible to the decision-maker. This increases the effectiveness of the management of automated information systems protection mechanisms.