Possibilities of Assessing Information Security Risks Using Fuzzy Logic and Econometrics Methods
DOI:
https://doi.org/10.25728/assa.2024.2024.4.1606
Keywords:
information security, information leakage, multifactorial risk assessment, fuzzy logic, econometrics, production rules, regression equation, multiple determination coefficient, subjective factors, uncertainty conditions.
Abstract
The paper provides an overview of publications devoted to methods for assessing information security risks in various systems, including those with network structures and those using cloud technologies. In most studies, risk assessment and management include the construction of models that adequately show the occurrence of adverse conditions, taking into account various parameters that affect risk. These methods help to make decisions in order to reduce the potential damage that can be caused by external attacks on information resources or by the realization of other threats through existing vulnerabilities. However, they provide an acceptable result in risk assessment only in conditions where it is possible to quantify the parameters on which the risk depends. In conditions of high uncertainty, for example, when determining the dependence of risk on subjective factors, the use of these methods can lead to high errors. The authors propose a method based on the combined use of fuzzy logic and regression analysis, which makes it possible to solve the problem of assessing information security risk when its dependence on various parameters in complex information structures is uncertain. It also makes it possible to establish the parameters on which the information security risk depends to a greater extent, and a list of parameters that can be ignored in the assessed situation. Using this method, measures to improve the protection of the information system can be planned in both the short and long term.