ERP-SYSTEM RISK ASSESSMENT METHODS AND MODELS

Abstract

Context. Because assessing information security risks is a complex and complete uncertainty process, and non-appearance is a major factor influencing the effectiveness of the assessment, is advisable use vague methods and models that are adaptive to non-computed data. The formation of vague assessments of risk factors is subjective, and risk assessment depends on the practical results obtained in the process of processing the risks of threats that have already arisen during the functioning of the organization and experience of information security professionals. Objective. The object of the study are neural models that combine methods of fuzzy logic and artificial neural networks and systems , that is, human-like style considerations of fuzzy systems with training and simulation of mental phi novena of neural networks. Method. The paper analyzes modern areas of research in the field of information protection in information systems, methods and technologies of information security risk Assessments, use of vague models to solve problems of information security risk assessment , as well as concept and construction of ERP systems and analyze problems of their security and vulnerability. Results. Identified factors influencing risk assessment suggest the use of linguistic variables to describe them and use fuzzy variables to assess their qualities, as well as a system of qualitative assessments. The choice of parameters for the development of the structure of a fuzzy product model of risk assessment and the basis of the rules of fuzzy logical conclusion justified. Conclusions. A vague risk assessment model of ERP systems is considered. You have selected a list of factors that affect information security risk. The methods of assessment of risks of information resources and ERP-systems in general, assessment of financial losses from the implementation of threats, determination of the type of risk according to its assessment for the formation of recommendations for their processing in order to maintain the level of protection of the ERP-system are considered. The list of linguistic variable models is considered. The structure of the database of fuzzy product rules-MISO-structure is selected. Fuzzy variable models are considered.