It has been tried to combine expert and statistics methods in analyzing information security risk. Author has brought general statements of information security risk management based on international and internal practices as well as proposed own risk analyzing process. The proposed method includes topologies of information resources, vulnarabilities, threats, impact, bulding events’ tree. It has been proposed to build agrigated risk over the certain information resource. Author has tried to convert experts’ metrixes into fuzzy mathematical model. Conclusion of the experiments is that self-learning model gives better results but in the environment of uncertaince, both experts’ and statistics data can be used.

Problems in programming 2018; 4: 82-92

Borovska O., Sinitsyn I., and Rodin Y. (2011). Comparing national and worldwide approaches in developing grid information security system. Programming Problems. 5, P. 99–109. (In Ukrainian)

Information Security Handbook: A Guide for Managers. National Institute of Standards and Technology. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-100.pdf

Тerminology in the field of information security in computer systems from unauthorized access. ND TZI 1.1-003-99. http://dstszi.kmu.gov.ua. (In Ukrainian)

International standard BS ISO/IEC 27005:2008, 2008-06-15.

Zagorodnyy A., Borovska O., Svistunov S., Sinitsyn I., Rodin Y. (2014) Сreation of an integrated information resource protection system in the national grid infrastructure. K.: Stal, 373 p. (In Ukrainian)

Borovska O., Svistunov S., Sinitsyn I., Shi-lin V., Rodin Y. (2010). Approaches in developing information security system in the national grid infrastructure. Kyiv: Bogolyubov Institute for Theoretical Physics, 51 p. (In Ukrainian)

Rodin Y. (2012). Processing approaches in the field of information security risk management modeling. Mathematical Machines and Systems, 4, Р. 142–148.

Ming-Chang Lee. (2014). Information Security Risk Analysis Methods and Research Trends: AHP and Fuzzy Comprehensive Method. International Journal of Computer Science & Information Technology (IJCSIT). Vol. 6, N 1.

Integrated Site Security for Grids. − https://isseg-training.web.cern.ch/ISSeG-training/

Zadeh L. (1975). The concept of linguistic variable and its application to approximate reasoning. Information sciences, 8, P. 199−249. CrossRef

Malyshev N., Bershtein L., Bozhenyuk A. (1991). Fuzzy modeling for experts systems in SAPR. Moscow: Energoatomizdat, p. 136. (In Russian)