The number and frequency of cyber attacks on the assets of organizations and businesses are growing, and threats are becoming more sophisticated. Attackers look for vulnerabilities in information security protection that let them carry out threats and cause tangible damage, so the security of information assets is a pressing issue. This article addresses the analysis and assessment of information security risks using fuzzy logic tools. It reviews the methodology and methods used for information security risk analysis and assessment, and a qualitative assessment method is chosen. The main factors influencing the assessment of information security risks are identified: vulnerability, threat, and asset value. A linguistic approach using term sets is proposed to describe these factors. A fuzzy expert system for the analysis and assessment of information security risks has been developed using the MATLAB application software package and the Fuzzy Logic Toolbox extension package. The Mamdani algorithm is used for fuzzy inference. The information security risk assessments obtained for organizations of different levels demonstrated the adequacy of the proposed model. The expert system can also be used to monitor and predict information security risks.
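
A sketch of Mamdani inference over the three factors named above, added here as an illustration and not the authors' MATLAB model. The [0, 1] scoring scale, the triangular low/medium/high term sets, the 27-rule base and the names `tri`, `fuzzify` and `assess_risk` are all assumptions, since the abstract does not specify them.

```python
from itertools import product

# Assumed term sets (not from the article): triangular low/medium/high on [0, 1],
# shared by the three inputs and by the risk output. Tuples are (foot, peak, foot).
TERMS = {"low": (-0.5, 0.0, 0.5), "medium": (0.0, 0.5, 1.0), "high": (0.5, 1.0, 1.5)}
NAMES = list(TERMS)

def tri(x, a, b, c):
    """Triangular membership degree of x."""
    return max(0.0, min((x - a) / (b - a), (c - x) / (c - b)))

def fuzzify(x):
    """Map a crisp score in [0, 1] to its degree in each linguistic term."""
    if not 0.0 <= x <= 1.0:
        raise ValueError(f"score {x!r} is outside [0, 1]")
    return {name: tri(x, *abc) for name, abc in TERMS.items()}

def assess_risk(vulnerability, threat, asset_value, steps=1000):
    """Return (crisp risk in [0, 1], firing strength per risk term)."""
    inputs = [fuzzify(v) for v in (vulnerability, threat, asset_value)]
    strength = dict.fromkeys(NAMES, 0.0)
    # Assumed rule base: all 27 term combinations; the consequent is the
    # rounded mean of the antecedent term indices (low=0, medium=1, high=2).
    for combo in product(range(3), repeat=3):
        w = min(inp[NAMES[i]] for inp, i in zip(inputs, combo))  # AND = min
        out = NAMES[(sum(combo) + 1) // 3]
        strength[out] = max(strength[out], w)                    # OR = max
    # Clip each output term at its strength, aggregate with max, then take
    # the centroid of the aggregated set over a sampled universe.
    num = den = 0.0
    for k in range(steps + 1):
        y = k / steps
        mu = max(min(strength[n], tri(y, *TERMS[n])) for n in NAMES)
        num += y * mu
        den += mu
    return num / den, strength

if __name__ == "__main__":
    # Constructed sample assessments: (vulnerability, threat, asset value).
    for sample in [(0.1, 0.2, 0.3), (0.9, 0.9, 0.1), (0.9, 0.9, 0.9)]:
        score, fired = assess_risk(*sample)
        print(sample, round(score, 3), fired)
```

With these assumed rules, the same high vulnerability and threat scores produce a noticeably lower risk when the asset value is low, which is the interaction a three-factor rule base is meant to capture.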