Kazmirchuk S. Methodology for assessing the security risks of information system resources


Thesis for the degree of Doctor of Science (DSc)

State registration number

0518U000315

Applicant for

Specialization

  • 05.13.21 - Information security systems

25-01-2018

Specialized Academic Board

Д 26.062.17

National Aviation University

Abstract

The dissertation addresses a pressing scientific and applied problem: expanding the functional capabilities of risk assessment (RA) tools for information system resources (ISR) by developing effective methodological support. The work analyzes existing RA methods, techniques and software tools (ST), as well as existing databases of ISR vulnerabilities, to determine a set of criteria and the identifying and evaluation components. Based on these components, a mechanism for deriving a set of parameters has been developed; it makes it possible to implement the relevant formers of the analytical and synthetic tuple model of risk characteristics and to organize the selection of appropriate existing tools. A functionally complete basis of methods for modifying the order of linguistic variables (LV) is presented. It allows the basic parameter standards on fuzzy numbers (FN) to be transformed without involving experts of the corresponding subject field, and it extends the mathematical base of fuzzy set theory associated with operations on LV and with testing the properties of uniformity, unevenness, progression and regression of LV on trapezoidal and triangular FN before and after their respective functional transformation. A method of converting intervals into FN is also presented, which formalizes the formation of standard values without the participation of experts. RA methods have been developed that allow simultaneous processing of crisp, fuzzy and combined values with the possibility of term modification, and that allow the RA process to be automated and carried out in real time.
Based on the proposed methods and model, a methodology with polymorphic properties for the RA of ISR security has been developed. It makes it possible to formalize and support the process of creating tools with the properties of adaptability, efficiency, functionality and reliability. A complex of structural solutions for RA computing systems has been developed. In addition, on the basis of the proposed methodology and structural solutions, an experimental study of RA software systems has been designed and carried out in order to confirm the reliability of the theoretical positions and practical developments of the dissertation research.
