CYBERSECURITY RISK ASSESSMENT SYSTEM
DOI: 10.31673/2412-4338.2025.019380
Abstract
This paper addresses the problem of cybersecurity risk assessment in the context of the growing number and diversity of cyber threats, emphasizing the need for adaptive evaluation methods. Existing risk assessment frameworks, such as FAIR, OCTAVE, and CRAMM, are analyzed, and their limitations when applied to modern threats are identified. A hybrid threat risk assessment method based on fuzzy set theory is selected, enabling flexible risk evaluation under uncertainty. A structural model, a core algorithm, and a software implementation of the risk assessment system are developed to automate the evaluation process as new data (expert assessments, emerging threats, etc.) become available, and to generate recommendations for the optimal allocation of protection resources. The structural model of the proposed system consists of two primary components: a client-side data processing subsystem and a server-side data processing subsystem. The client-side subsystem performs the initial processing and storage of expert assessments of hybrid threats and comprises modules for expert authentication, risk assessment, and data storage. The server-side subsystem handles the main risk computation tasks and report generation and comprises modules for expert and threat identification, formation of parameters for further assessment, fuzzification of expert opinions, risk level evaluation, and report generation. Comprehensive testing and performance analysis of the proposed approach were conducted. The results demonstrate its applicability to enhancing organizational cybersecurity: prioritizing the mitigation of the most critical risks, optimizing the allocation of protection resources, and adapting to evolving threats.
Keywords: cybersecurity, hybrid threats, cyber threats, risk assessment, risk evaluation, fuzzy logic, fuzzy sets, critical infrastructure, linguistic variable, risk level, structural model, risk assessment system.
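The abstract describes the server-side pipeline only at the level of module names (fuzzification of expert opinions, risk level evaluation, report generation). The following Python example, added here and not taken from the paper or its software, shows one concrete way such a pipeline can be wired: each expert rates likelihood and impact of a threat on a 0..10 scale, the scores are fuzzified into the linguistic terms low/medium/high, expert opinions are aggregated, a Mamdani-style rule base maps likelihood and impact to a risk term, and centroid defuzzification yields a crisp score plus a linguistic risk level that can be used to rank threats. The triangular membership functions, the rule table, the mean-of-memberships aggregation and the sample threat data are all assumptions made for this illustration; the paper's actual membership functions, rules and aggregation scheme are not stated in the abstract.

```python
"""Illustrative fuzzy risk scoring from expert assessments (not the paper's code)."""
from typing import Dict, List, Tuple

TERMS = ("low", "medium", "high")

# Assumed triangular membership functions (a, b, c) on a 0..10 scale, shared by
# the likelihood, impact and risk linguistic variables.
MF: Dict[str, Tuple[float, float, float]] = {
    "low": (0.0, 0.0, 5.0),
    "medium": (0.0, 5.0, 10.0),
    "high": (5.0, 10.0, 10.0),
}

# Assumed rule base: RULES[likelihood_term][impact_term] -> risk term.
RULES = {
    "low":    {"low": "low",    "medium": "low",    "high": "medium"},
    "medium": {"low": "low",    "medium": "medium", "high": "high"},
    "high":   {"low": "medium", "medium": "high",   "high": "high"},
}


def tri(x: float, a: float, b: float, c: float) -> float:
    """Triangular membership; degenerate shoulders (a == b or b == c) are allowed."""
    if x < a or x > c:
        return 0.0
    if x <= b:
        return 1.0 if a == b else (x - a) / (b - a)
    return 1.0 if b == c else (c - x) / (c - b)


def fuzzify(score: float) -> Dict[str, float]:
    """Map one expert's crisp 0..10 score to membership degrees in each term."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score out of range: {score}")
    return {t: tri(score, *MF[t]) for t in TERMS}


def aggregate(scores: List[float]) -> Dict[str, float]:
    """Aggregate several experts (assumption: arithmetic mean of membership degrees)."""
    degrees = [fuzzify(s) for s in scores]
    return {t: sum(d[t] for d in degrees) / len(degrees) for t in TERMS}


def infer(lik: Dict[str, float], imp: Dict[str, float]) -> Dict[str, float]:
    """Mamdani inference: min for rule firing strength, max to combine rules per output term."""
    out = {t: 0.0 for t in TERMS}
    for lt in TERMS:
        for it in TERMS:
            risk_term = RULES[lt][it]
            out[risk_term] = max(out[risk_term], min(lik[lt], imp[it]))
    return out


def defuzzify(out: Dict[str, float], steps: int = 1000) -> float:
    """Centroid of the clipped-and-unioned output fuzzy set, sampled on a grid."""
    num = den = 0.0
    for i in range(steps + 1):
        x = 10.0 * i / steps
        mu = max(min(out[t], tri(x, *MF[t])) for t in TERMS)
        num += x * mu
        den += mu
    return num / den if den else 0.0


def assess(likelihood_scores: List[float], impact_scores: List[float]) -> Tuple[float, str]:
    """Return (crisp risk score, linguistic risk level) for one threat."""
    out = infer(aggregate(likelihood_scores), aggregate(impact_scores))
    score = defuzzify(out)
    level = max(TERMS, key=lambda t: tri(score, *MF[t]))
    return score, level


def prioritize(threats: Dict[str, Tuple[List[float], List[float]]]) -> List[Tuple[str, float, str]]:
    """Rank threats by crisp risk score, highest first (input to a report/recommendation step)."""
    ranked = [(name, *assess(lik, imp)) for name, (lik, imp) in threats.items()]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


# Constructed sample: three experts' (likelihood, impact) scores per threat.
THREATS = {
    "phishing against privileged admins": ([8.0, 9.0, 7.0], [9.0, 8.0, 9.0]),
    "physical theft of a backup tape":    ([1.0, 2.0, 1.0], [6.0, 7.0, 5.0]),
}

if __name__ == "__main__":
    for name, score, level in prioritize(THREATS):
        print(f"{score:5.2f}  {level:7s}  {name}")
```

The centroid step pulls scores toward the middle of the scale whenever several output terms fire, so a threat rated high by most experts can still land in the medium band; if that behaviour is undesirable, a different defuzzifier (for example mean of maximum) or sharper membership functions would be the parameters to revisit.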