THE ENTERPRISE INFORMATION SECURITY RISK ASSESSMENT SYSTEM BASED ON FUZZY LOGIC

Authors

  • О В Кочетков
  • Т O Гаур
  • В М Машін

DOI:

https://doi.org/10.33243/2518-7139-2019-1-1-97-104

Abstract

The paper discusses the process of creating a fuzzy production model for assessing the information security risk of an enterprise. It is shown that traditional methods are not well suited to such problems precisely because they are not always able to describe the conditions clearly and provide the data needed for making appropriate decisions; as a rule, uncertainty arises. It is shown that the existing methods of risk accounting and assessment are not free of subjectivity and of important conditions that lead to incorrect estimates of project risks. Significantly, a well-performed analysis of information risks allows a comparative "effectiveness-cost" analysis of various protection options, the selection of adequate countermeasures and controls, and an assessment of the level of residual risk. In addition, risk analysis tools based on modern knowledge bases and inference procedures allow building structural and object-oriented models of a company's information assets, threat models, and risk models associated with individual information and business transactions, and therefore identifying those information assets of the company for which the risk of a security violation is critical, that is, unacceptable. The use of fuzzy logic theory to assess risks is proposed. To model the information security risk of an organization, it is proposed to represent fuzzy models as fuzzy networks. The model contains a rule base and allows a linguistic analysis of risks that pose potential threats and damage to the organization. The relationship between factors (antecedents) and risk indicators (consequents) is a binary fuzzy relation on the Cartesian product of the corresponding fuzzy sets. The fuzzy causal relationship between antecedent and consequent is given in the form of fuzzy production rules.
The mechanism used in the methodology to obtain risk assessments based on fuzzy logic yields a numerical value of risk, a linguistic description of the degree of risk, and the level of expert confidence in the occurrence of the risk event.
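The following added example (not code from the paper or its authors) illustrates the kind of fuzzy production model the abstract describes: antecedent factors and consequent risk terms linked by a rule base over the Cartesian product of their fuzzy sets, evaluated by max-min composition, and returning a numeric risk, a linguistic risk label, and a confidence degree. The two input factors (threat likelihood and damage), the normalised [0, 1] scales, the triangular membership functions, and the nine rules are assumptions chosen for illustration.

```python
# Added example: a minimal Mamdani-style fuzzy production model for
# information-security risk. All scales, membership functions and rules
# are constructed for illustration, not taken from the paper.

def tri(x, a, b, c):
    """Triangular membership function with support [a, c] and peak at b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)

# Linguistic terms on a normalised [0, 1] universe (assumed parameters).
TERMS = {
    "low":    (-0.5, 0.0, 0.5),
    "medium": (0.0, 0.5, 1.0),
    "high":   (0.5, 1.0, 1.5),
}

def fuzzify(x):
    """Degree of membership of crisp value x in each linguistic term."""
    return {t: tri(x, *abc) for t, abc in TERMS.items()}

# Rule base (assumed): antecedent (likelihood, damage) -> consequent risk term.
RULES = {
    ("low", "low"): "low",        ("low", "medium"): "low",
    ("low", "high"): "medium",    ("medium", "low"): "low",
    ("medium", "medium"): "medium", ("medium", "high"): "high",
    ("high", "low"): "medium",    ("high", "medium"): "high",
    ("high", "high"): "high",
}

def assess_risk(likelihood, damage, steps=200):
    """Return (numeric risk, linguistic risk term, expert confidence degree)."""
    mu_l, mu_d = fuzzify(likelihood), fuzzify(damage)
    # Max-min composition over the Cartesian product of antecedent terms:
    # a rule fires with strength min(mu_l, mu_d) (fuzzy AND); rules sharing
    # a consequent are combined with max (fuzzy OR).
    strength = {t: 0.0 for t in TERMS}
    for (lt, dt), rt in RULES.items():
        strength[rt] = max(strength[rt], min(mu_l[lt], mu_d[dt]))
    # Mamdani implication (clip each consequent at its rule strength),
    # then centroid defuzzification on a discretised universe.
    num = den = 0.0
    for i in range(steps + 1):
        r = i / steps
        agg = max(min(strength[t], tri(r, *TERMS[t])) for t in TERMS)
        num += r * agg
        den += agg
    numeric = num / den if den else 0.0
    label = max(strength, key=strength.get)       # linguistic degree of risk
    return round(numeric, 3), label, round(strength[label], 3)
```

The confidence value returned is the activation degree of the winning risk term, which is one simple way to express how strongly the rule base supports the linguistic conclusion.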

Section

Radio Engineering and Telecommunications