TY - JOUR AU - Kozhukhivskyi, A. D. AU - Kozhukhivska, O. A. PY - 2022/04/08 Y2 - 2024/03/29 TI - DEVELOPING A FUZZY RISK ASSESSMENT MODEL FOR ERPSYSTEMS JF - Radio Electronics, Computer Science, Control JA - RIC VL - IS - 1 SE - Neuroinformatics and intelligent systems DO - 10.15588/1607-3274-2022-1-12 UR - http://ric.zntu.edu.ua/article/view/254679 SP - 106 AB - <p>Context. Because assessing information security risks is a complex and complete uncertainty process, and uncer-tainties are a major factor influencing valuation performance, it is advisable to use fuzzy methods and models that are adaptive to non-calculated data. The formation of vague assessments of risk factors is subjective, and risk assessment depends on the practical results obtained in the process of processing the risks of threats that have already arisen during the functioning of the organization and experience of information security professionals. Therefore, it will be advisable to use models that can adequately assess fuzzy factors and have the ability to adjust their impact on risk assessment. The greatest performance indicators for solving such problems are neuro-fuzzy models that combine methods of fuzzy logic and artificial neural networks and systems, i.e. “human-like” style of considerations of fuzzy systems with training and simulation of mental phenomena of neural networks. To build a model for calculating the risk assessment of information security, it is proposed to use a fuzzy product model. Fuzzy product models (Rule-Based Fuzzy Models/Systems) this is a common type of fuzzy models used to describe, analyze and simulate complex systems and processes that are poorly formalized.</p><p>Objective. Development of the structure of a fuzzy model of quality of information security risk assessment and protection of ERP systems through the use of fuzzy neural models.</p><p>Method. To build a model for calculating the risk assessment of information security, it is proposed to use a fuzzy product model. Fuzzy product models are a common kind of fuzzy models used to describe, analyze and model complex systems and processes that are poorly formalized.</p><p>Results. Identified factors influencing risk assessment suggest the use of linguistic variables to describe them and use fuzzy variables to assess their qualities, as well as a system of qualitative assessments. The choice of parameters is substantiated and the structure of the fuzzy product model of risk assessment and the basis of the rules of fuzzy logical conclusion is developed. The use of fuzzy models for solving problems of information security risk assessment, as well as the concept and construction of ERP systems and analyzed problems of their security and vulnerabilities are considered.</p><p>Conclusions. A fuzzy model has been developed risk assessment of the ERP system. Selected a list of factors affecting the risk of information security. Methods of risk assessment of information resources and ERP-systems in general, assessment of financial losses from the implementation of threats, determination of the type of risk according to its assessment for the formation of recommendations on their processing in order to maintain the level of protection of the ERP-system are proposed. The list of linguistic variables of the model is defined. The structure of the database of fuzzy product rules – MISO-structure is chosen. The structure of the fuzzy model was built. Fuzzy variable models have been identified.</p> ER -