INFORMATION SECURITY RISK ASSESSMENT MODEL BASED ON FUZZY LOGIC

This article discusses the problem of information security in the Industrial Internet of Things (IIoT) environment. Assessing information security risks in IIoT is complicated by a number of factors: system complexity and heterogeneity, system dynamism, distributed network infrastructure, lack of standards and guidelines, and increased consequences of security breaches. Given these factors, assessing information security risks in IIoT requires an integrated approach adapted to the features and requirements of a specific system and industry. It is necessary to use specialized risk assessment methods and take into account the context and features of the system. A method for assessing information security risks in IIoT based on the mathematical apparatus of fuzzy set theory is proposed. In this paper, an analysis of information security threats to IIoT systems is conducted, from which the most significant criteria are selected. The rules on the basis of which decisions are made are formulated as logical formulas containing input parameters. Three fuzzy inference systems are used: one to assess the probability of a threat being realized, another to assess the probable damage, and the final one to assess the information security risk for the IIoT system. Based on the proposed method, examples of calculating the information security risk assessment in the IIoT environment are given. The proposed scientific approach can serve as a basis for creating expert decision support systems for designing IIoT systems