Quantitative risk assessment using the fuzzy sets method

DOI:

https://doi.org/10.17721/ISTS.2025.9.18-25

Keywords:

risks, forecasting, losses, protection system, cybersecurity, information protection

Abstract

Background. This paper presents a quantitative risk assessment method based on the analysis and evaluation of risks in information systems. The proposed approach supports a wide range of parameters, which makes it possible to build flexible assessment tools. This method allows calculating risks based on both statistical data and expert evaluations made under uncertainty and in poorly formalized environments.
Additionally, the developed methods can represent results in both numerical and verbal forms. For example, linguistic variables, which are often used to describe complex systems characterized by both quantitative and qualitative parameters, can be utilized. The risks of information systems can be described through a conceptual fuzzy set model that accounts for uncertainty, imprecision, and subjectivity in their evaluation.
Methods. The fuzzy sets method was applied to study the risks of information systems. This method facilitates the prediction of potential economic losses. The proposed approach allows the integration of various risk factors into a unified model, considering both quantitative and qualitative aspects of their assessment.
Result. During the study, a quantitative approach to assessing the risks of enterprise information systems was developed, enabling a comprehensive analysis and evaluation of the impact of various risk factors. The main results of the work include:
The model accounts for uncertainty, imprecision, and subjectivity of data, which is especially important in unstable environments. This ensures high adaptability of the method to different areas of enterprise activity.
The proposed methodology enables the quantitative assessment of potential losses associated with risks in information systems based on statistical and expert data.
Based on the risk assessment results, recommendations can be developed to improve measures for protecting the enterprise's information assets. This includes the creation of adaptive protection strategies aimed at reducing economic losses.
Conclusions. The use of the fuzzy sets method for quantitative risk assessment of information systems has proven its effectiveness due to its ability to account for uncertainty and subjectivity in data evaluation. The developed approach not only predicts risks but also supports informed decision-making to reduce potential losses, contributing significantly to the development of enterprise information security management systems.

Published

2025-08-29

Section

Cybersecurity and information protection

How to Cite

Quantitative risk assessment using the fuzzy sets method. (2025). Information Systems and Technologies Security, 1(9), 18-25. https://doi.org/10.17721/ISTS.2025.9.18-25
