Method of numerical calculation of the security level of information infrastructure components

One of the key issues in the process of organizing information security is the assessment of compliance with the requirements for infrastructure protection, as well as response to current threats and risks. This assessment is ensured by conducting an appropriate audit. Domestic and international standards specify various methods for conducting an information security audit, and also provide conceptual models for constructing the assessment process. However, the disadvantages of these standards include the impossibility of their in-depth adaptation within individual information systems, as well as the partial or complete lack of a numerical assessment of security parameters, which can negatively affect the objectivity of the assessment of the parameters used and not reflect real threats. In turn, the adaptation of numerical methods in the analysis of the maturity level of information security processes allows solving a number of important problems, for example, automation of the assessment process, providing a more accurate indicator of identifying vulnerable components of the information infrastructure, as well as the ability to integrate the obtained values with other processes aimed at neutralizing current security threats from intruders. The purpose of this work is to analyze the possibility of using a numerical assessment of the maturity level of information security, as well as the use of fuzzy sets in the audit.

1. Alexandrov A.V., Veligura A.V., Sokolova Ya.V. Method of Comprehensive Assessment of Information Security of the Companies. Economic Vector. 2016;(2):104–112. (In Russ.).

2. Belikov Yu.V. Application of the Fuzzy Set Method in the Information Security Audit Process. Engineering Journal of Don. 2025;(4). (In Russ.). URL: http://ivdon.ru/ru/magazine/archive/n4y2025/9968

3. Ivanova N.V., Korobulina O.Yu. Audit Method of Information Security of the Information Systems. Proceedings of Petersburg Transport University. 2010;(4):143–153. (In Russ.).

4. Kovalenko B.B., Vakulenko A.A., Sorokopudov N.S. The Selection Tools of Information Security Audit's of the Enterprise Method. Scientific Journal NRU ITMO. Series: Economics and Environmental Management. 2019;(3):163–169. (In Russ.). https://doi.org/10.17586/2310-1172-2019-12-3-163-169

5. Nikitsina T. Audit of Information Security Incident Management Systems. Ekonomika i sotsium. 2024;(12–1):954–957. (In Russ.).

6. Voevodin V.A., Markin P.V., Markina M.S., Burenok D.S. Technique for Developing an Information Security Audit Program Taking into Account the Weight Coefficients Of Certificates Audit Based on the Hierarchy Analysis Method. Systems of Control, Communication and Security. 2021;(2):96–129. (In Russ.). https://doi.org/10.24412/2410-9916-2021-2-96-129

7. Voevodin V.A., Markina M.S., Markin P.V. Determination of the Weight of Audit Evidence by the Method of Point Ratings in the Information Security Audit. Computational Nanotechnology. 2020;7(1):57–62. (In Russ.). https://doi.org/10.33693/2313-223X-2020-7-1-57-62

8. Mynuddin M., Hossain M.I., Khan S.U., Islam M.A., Ahad D.M.A., Tanvir M.Sh. Cyber Security System Using Fuzzy Logic. In: 2023 3rd International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME), 19–21 July 2023, Tenerife, Canary Islands, Spain. IEEE; 2023. P. 1–6. https://doi.org/10.1109/ICECCME57830.2023.10252778

9. Alali M., Almogren A., Hassan M.M., Rassan I.A.L., Bhuiyan M.Z.A. Improving Risk Assessment Model of Cyber Security Using Fuzzy Logic Inference System. Computers & Security. 2018;74:323–339. https://doi.org/10.1016/j.cose.2017.09.011

10. Lyubukhin A.S. Information Security Risk Analysis Methods: Fuzzy Logic. International Journal of Open Information Technologies. 2023;11(2):66–71. (In Russ.).

11. Belikov Yu.V. Development of a Fuzzy Classifier of Incoming Requests for Providing User Access to the Information Infrastructure. Engineering Journal of Don. 2024;(9). (In Russ.). URL: http://ivdon.ru/ru/magazine/archive/n9y2024/9472

12. Ouechtati H., Nadia B.A., Lamjed B.S. A Fuzzy Logic-Based Model for Filtering Dishonest Recommendations in the Social Internet of Things. Journal of Ambient Intelligence and Humanized Computing. 2023;14(5):6181–6200. https://doi.org/10.1007/s12652-021-03127-7

13. Yang Ya.L., Zhou Ya.H. A Fuzzy Logic Based Information Security Risk Assessment Method. Applied Mechanics and Materials. 2011;130–134:3726–3730. https://doi.org/10.4028/www.scientific.net/AMM.130-134.3726

14. Kerimkhulle S., Dildebayeva Zh., Tokhmetov A., et al. Fuzzy Logic and Its Application in the Assessment of Information Security Risk of Industrial Internet of Things. Symmetry. 2023;15(10). https://doi.org/10.3390/sym15101958

15. Guzairov M.B., Mashkina I.V., Stepanova E.S. The Method of Information Value Estimation Using Fuzzy Logic Tools. IT Security (Russia). 2012;19(1):18–29. (In Russ.).

16. Baranova E.K., Gusev A.M. The Method of Information Security Risk Analysis Using Fuzzy Logic Based Tools MATLAB. Educational Resources and Technologies. 2016;(1):88–96. (In Russ.).

17. Anikin I.V. Fuzzy Assessment of Information Security Risk Factors. IT Security (Russia). 2016;23(1):78–87. (In Russ.).