M.M. Goncharov

International and domestic standards relating to the information security management, are the basis for the mechanisms of information and managing risks analysis, assessing business continuity organization, planning and control systems security. Today, there are a large number of used methods and software tools automating the basic steps and procedures of analysis and risk management in complex information systems. However, the existing information security standards do not reflect specific requirements for information security of computer systems. Available methods of analysis and risk management systems are for commercial or industrial usage. In addition, due to the nature of information security of computer systems, assessment of risks and damages has some difficulties. Remedy of these deficiencies and improving the efficiency of decision-making by assessing and reducing security risks are possible through construction and analysis of cognitive models that take features of complex computer systems as a distributed object-specific security processes and technologies of information security. Hybrid fuzzy model based on fuzzy cognitive maps and fuzzy automata, and method of its construction are proposed. List of elements that determine the state of security of computer systems required for the construction of fuzzy cognitive maps and fuzzy automata is developed. Examples of the construction of fuzzy cognitive maps and fuzzy automata in the framework of a hybrid fuzzy model for information security risks evaluation are given. The method for the analysis of information security risks based on the proposed hybrid fuzzy model is presented.