Abstract:

Analysis of information security risks is an important part in design of information security systems. To date, the process of analysis of information security risks is reduced to the actions of the developers, based on personal experience. The analysis tools that are based on building assessments and conclusions in terms of the theory of probability are existed. The work is dedicated to the development of systems that will formalize and use the experience of professional designers and managers, and apply when assessing assets and risks of the qualitative assessment, a closer system participants and asset owners. To achieve this goal it is required a multi-step process by which it is constructed the formalized model of risk analysis using the Coras methodology. The models describing the behavior of the information system in the implementation of the scenarios of threats to information security are proposed. To describe the values of the parameters is used fuzzy linguistic assessment. For descriptions of the scenarios is used the tools of Petri-Markov nets. To describe the entire process of asset valuation methodology is used the Coras. Collectively it is obtained the model describing the effect of the threat scenarios to assess the system's assets. Using the developed model, it is possible to use natural assessment of the risks and threats that could reduce the value of the assets of the information system. The basis for this approach is the use of fuzzy linguistic terms as parameters describing the features of the system. Author Biographies Владимир Олегович Шапорин, Odessa National Polytechnic University, Av. Shevchenko, 1, Odessa, Ukraine, 65044 Senior Lecturer Department of computer intellectual systems and networks

Keywords: