<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <journal-title-group>
        <journal-title>Journal of Theoretical and Applied Information Technology 101(24) (2023) 812-813.</journal-title>
      </journal-title-group>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.1007/978-3-030-36537-0_7</article-id>
      <title-group>
        <article-title>Models and algorithms for analyzing information risks during the security audit of personal data information system</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Yuliia Kostiuk</string-name>
          <email>y.kostiuk@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Pavlo Skladannyi</string-name>
          <email>p.skladannyi@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Volodymyr Sokolov</string-name>
          <email>v.sokolov@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Hennadii Hulak</string-name>
          <email>h.hulak@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Nataliia Korshun</string-name>
          <email>n.korshun@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Borys Grinchenko Kyiv Metropolitan University</institution>
          ,
          <addr-line>Bulvarno-Kudryavska Str., 18/2, Kyiv, 04053</addr-line>
          ,
          <country country="UA">Ukraine</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2015</year>
      </pub-date>
      <volume>3826</volume>
      <fpage>0000</fpage>
      <lpage>0001</lpage>
      <abstract>
        <p>Security audits of information systems, including systems containing personal data, are a necessary step to ensure an adequate level of security in the face of growing cyber threats. Given the complexity and diversity of risks that may affect the confidentiality, integrity, and availability of information, effective tools for assessing and formulating recommendations are key to optimizing resources and strengthening security. The proposed risk analysis model uses methods that allow you to focus on identifying hidden threats, which significantly increases the efficiency of auditors. The intelligent system used for personal data security audits determines the level of security, assesses possible risks, and suggests measures to reduce potential threats. This approach contributes to the continuous improvement of the security and reliability of information systems in the context of the dynamic evolution of technologies and cyber threats.</p>
      </abstract>
      <kwd-group>
        <kwd>information security</kwd>
        <kwd>personal data</kwd>
        <kwd>risk assessment</kwd>
        <kwd>fuzzy logic</kwd>
        <kwd>model</kwd>
        <kwd>decision support system</kwd>
        <kwd>security audit</kwd>
        <kwd>risk management</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        Modern businesses are heavily dependent on information technology, making information system
security and risk management strategically important issues. Information is becoming a key business
asset, encompassing both static resources (databases, hardware configurations) and dynamic data
processing processes. At the same time, the introduction of the latest technologies is accompanied
by an increase in the threats of unauthorized access, privacy violations, and system failures [
        <xref ref-type="bibr" rid="ref1 ref2 ref3">1–3</xref>
        ].
      </p>
      <p>
        Legal requirements, such as the GDPR in the European Union [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ] and the Law of Ukraine “On
Personal Data Protection” [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ], which oblige organizations to conduct regular audits and assess
potential threats, play an important role. In addition, the rapid development of technology, including
the introduction of cloud services, the Internet of Things, and artificial intelligence, creates new
vulnerabilities that must be taken into account when analyzing information security.
Unaccounted-for risks can lead to significant financial losses, fines, and loss of user confidence [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]. Effective risk
management contributes to the continuity of business processes, which guarantees the stable
operation of information systems [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ]. Particular attention should be paid to the protection of personal
data at critical infrastructure facilities [
        <xref ref-type="bibr" rid="ref8 ref9">8, 9</xref>
        ], as their compromise can have large-scale consequences
for national security, the economy and society. A reliable cybersecurity system for such facilities
should include multi-level control mechanisms, regular threat monitoring, and the use of advanced
encryption and authentication technologies.
      </p>
    </sec>
    <sec id="sec-2">
      <title>2. Related work</title>
      <p>
        An effective security audit of personal data information systems is an integral part of information
security management. It allows auditors to assess the security of assets, analyze risks, and propose
measures to improve information protection. However, the specifics of personal data make such an
audit difficult to conduct: data loss may be detected with a delay, and the consequences are difficult
to determine. There is often uncertainty in decisions about the level of security and
compliance with regulatory requirements [
        <xref ref-type="bibr" rid="ref10 ref11 ref12 ref13 ref14">10–16</xref>
        ].
      </p>
      <p>An analysis of the literature shows the need for further research in the field of personal data
protection. It is necessary to develop models, algorithms, and risk analysis tools to ensure prompt
and effective decision-making during the security audit of personal data information systems [17–
24]. They should take into account the specifics of the systems and current regulatory requirements.
In general, the main purpose of the security system is to ensure the stable operation of the enterprise,
prevent threats, protect legitimate interests, and prevent information loss. It should include
classification of information, forecasting of threats, creation of response mechanisms, and increase
of cost-effectiveness of protective measures.</p>
    </sec>
    <sec id="sec-3">
      <title>3. Problem statement</title>
      <p>Risk is a combination of the probability of an event and its consequences. In most cases risk
is defined as the product of two quantities:</p>
      <p>= , (1)
where the first factor is the probability of successful realization of the threat and the second is an
estimate of the damage caused by an information security incident if the threat is realized. A threat is
understood as a potential cause of an incident that can cause damage. Various methods are used to
assess risk, including a basic vulnerability score, a full-overlap protection model, an average risk
value, and a loss probability function.</p>
      <p>
        Information system security auditors should have access to effective tools that allow not only
assessing the level of security but also formulating reasonable recommendations and developing
countermeasures to improve it [
        <xref ref-type="bibr" rid="ref13 ref14">13–15, 24–26</xref>
        ]. This provides a favorable environment for in-depth
analysis and complex tasks, which is important for increasing the professional efficiency of auditors.
Risks to information systems, which can be caused by both technical errors and malicious acts,
threaten basic security properties such as confidentiality, integrity, and availability of data. Many
threats arise from insufficient adaptation of the infrastructure to changes in the external
environment or internal inconsistencies in security measures, making risk analysis a crucial step in
establishing the optimal level of protection, taking into account the allowable costs.
      </p>
    </sec>
    <sec id="sec-4">
      <title>4. Proposed solution</title>
      <p>In the case of information security risk analysis, a risk can be understood as any distribution
belonging to a set of various distributions, which is the set of outcomes</p>
      <p>× ⟶ , (2)
where is the set of system states; is the set of different decisions.</p>
      <p>According to the definition of event probability, the process of risk analysis can be viewed as
obtaining expert estimates of the frequency of realization of the threat in information systems over
a given period. In the absence of statistical data, or when new threats emerge (for example, an
antivirus storm), the Bayesian approach is an effective way to quantify the factors that determine the level
of security, because in statistical problems several probabilistic hypotheses are usually considered,
and their weights change as new information arrives. The main advantage of the Bayesian approach is
the ability to adjust dynamically the probabilities that express the degree of confidence in the various threat
models on the basis of current data. This yields a posteriori estimates of the probability of
information security incidents, tracks newly arriving statistical data, determines the
interdependencies between risk factors, and supports logical conclusions with a physical
interpretation of changes in the structure of the problem's dependencies.</p>
      <p>The basis of the Bayesian approach is Bayes’ theorem, the main theorem of probability theory,
which allows us to determine the probability that a certain event has occurred based on statistical
data. In the case of analyzing the level of security of information system resources, we consider a
random variable , which has a probability density ( | ) with parameters . Based on the obtained
statistical data, we can conclude about another random variable , which has a probability
distribution ( ). Then, according to the Bayes formula:
( | ) = ( | ) ( ) . (3)
( )
The main characteristics of the security of personal data information system resources are the
following tuple of indicators: the ability to ensure confidentiality ( ), integrity ( ), and availability
( ) of information in the face of possible threats.</p>
      <p>In the event of a threat of a certain type to the studied or similar resource equipped with the same
information security systems and no violations of confidentiality, integrity, and availability, it is
possible to calculate a posteriori probability of hypotheses for a particular data source.</p>
      <p>When collecting facts, the probabilities of hypotheses will increase if the facts support them or
decrease if the facts refute them. If three indicators are obtained simultaneously, provided they are
independent, the appropriate formula is used:</p>
      <p>( | ) ( | ) ( | ) ( )
( | , , ) = . (4)</p>
      <p>∑ ( | ) ( | ) ( | ) ( )</p>
      <p>Note that if the experimental results show that the information security system did not
preserve the tuple of security indicators when exposed to a threat, the opposite scenarios must be
considered: the factors that made the security measures ineffective must be analyzed carefully, and
contradictions between the planned and the implemented security measures must be identified. Risk
analysis models and algorithms help to find and resolve the problems that arise when securing personal
data information systems:</p>
      <p>( , , | ) = 1 − ( , , | ). (5)</p>
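      <p>The following Python code is an added worked example and is not part of the original paper. It implements the posterior update of formula (4) for a set of competing hypotheses about the protection level of an information system, given the three security indicators (confidentiality, integrity, availability) observed under a threat, and uses the complementary probability of formula (5) when an indicator was violated. The hypothesis names, priors and likelihoods are constructed sample values; the conditional independence of the three indicators given the hypothesis is the assumption the product form relies on.</p>

```python
# Added example (not from the paper): Bayesian update over competing hypotheses
# about the protection level of a personal data information system, using the
# three indicators observed for a threat: whether confidentiality (C),
# integrity (I) and availability (A) were preserved.
# Hypothesis names, priors and likelihoods are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Hypothesis:
    name: str
    prior: float        # P(H) before the observation
    likelihood: dict    # P(indicator preserved | H) for "C", "I", "A"


# Constructed sample hypotheses about the state of the protection system.
HYPOTHESES = [
    Hypothesis("protected", 0.5, {"C": 0.95, "I": 0.97, "A": 0.90}),
    Hypothesis("partially_protected", 0.3, {"C": 0.70, "I": 0.80, "A": 0.60}),
    Hypothesis("unprotected", 0.2, {"C": 0.20, "I": 0.30, "A": 0.25}),
]


def posterior(hypotheses, observation):
    """Posterior P(H | observed indicators) for every hypothesis.

    observation maps an indicator name to True (property preserved under the
    threat) or False (property violated).  Indicators are treated as
    conditionally independent given the hypothesis, which is the assumption
    behind the product form of formula (4).  For a violated property the
    complementary probability 1 - P(preserved | H) is used (formula (5)).
    """
    unnormalised = {}
    for h in hypotheses:
        p = h.prior
        for indicator, preserved in observation.items():
            q = h.likelihood[indicator]
            p *= q if preserved else (1.0 - q)
        unnormalised[h.name] = p
    z = sum(unnormalised.values())   # the denominator of formula (4)
    if z == 0.0:
        raise ValueError("observation is impossible under every hypothesis")
    return {name: p / z for name, p in unnormalised.items()}


def sequential_update(hypotheses, observations):
    """Process several observed incidents one after another.

    Each posterior becomes the prior for the next incident, which is how the
    audit model accumulates evidence as new statistical data arrives.
    Returns the final probability of each hypothesis.
    """
    current = list(hypotheses)
    for obs in observations:
        post = posterior(current, obs)
        current = [Hypothesis(h.name, post[h.name], h.likelihood) for h in current]
    return {h.name: h.prior for h in current}


if __name__ == "__main__":
    print(posterior(HYPOTHESES, {"C": True, "I": True, "A": True}))
    print(posterior(HYPOTHESES, {"C": False, "I": True, "A": True}))
    print(sequential_update(HYPOTHESES, [{"C": True, "I": True, "A": True}] * 2))
```

      <p>A single incident in which all three properties held moves most of the probability mass to the "protected" hypothesis; an incident in which confidentiality was lost moves it towards the weaker hypotheses, which is the "opposite scenario" the text asks the auditor to examine. Passing only a subset of the indicators is allowed, so partial observations (for example, a report that says nothing about availability) can be folded in without inventing values.</p>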
      <p>
        The use of the Bayesian approach to analyzing information risks during the security audit of
personal data information systems is relevant due to the ability of this method to quantify the
probability of threats, taking into account new information and the specifics of personal data
processing. The application of Bayes’ theorem allows us to systematize data on risks and
vulnerabilities, evaluate the effectiveness of security measures, and determine optimal protection
strategies [
        <xref ref-type="bibr" rid="ref10 ref11">10, 11, 16, 19, 27, 28</xref>
        ]. Particular attention should be paid to the confidentiality, integrity,
and availability of personal data when identifying risks and developing protection strategies. Risk
assessment, which takes into account the likelihood of a threat and potential losses, helps to increase
the effectiveness of the information security system and helps to identify its weaknesses. Risk
assessment is defined as follows:
= , (6)
where is the probability of successful realization of the th threat, is the damage estimate in
case of successful realization of the th threat, and the index runs over all possible threats.
      </p>
      <p>Despite the importance of risk analysis, there are difficulties in using expert judgment, as it
complicates the interpretation of the results. It is advisable to develop methods based on quantitative
expert assessments obtained in monetary terms to ensure objectivity and convenience. The solution
to these problems determines the relevance of further research in the field of risk analysis and
management in information security.</p>
    </sec>
    <sec id="sec-5">
      <title>5. Risk analysis and management</title>
      <p>
        The concept of ensuring the information security of personal data systems emphasizes that audit is
a key component of the personal data security management cycle. There are three main types of
audit: active, expert, and compliance audits. For an audit to be correct, an integrated approach that
combines these types with an analysis of security risks is required [
        <xref ref-type="bibr" rid="ref12 ref13 ref14">12–15, 24, 25, 28, 29</xref>
        ].
Particular attention is paid to decision support methods during the audit and to tools for
automating the verification of personal data information systems. Intellectual support of the expert,
using data mining technologies, is emphasized as a way to improve the efficiency of the audit.
      </p>
      <p>Risk $R$ is considered by the vast majority of experts to be a complex value that involves the
existence of such factors as threats, vulnerabilities, and the damage itself, and is expressed using the
formula</p>
      <p>$R = D \cdot P \cdot F(S)$, (7)
where $D$ is the amount of damage (loss) in the event of an information asset security breach; $P$ is
the probability of a threat occurring; $F(S)$ is a function describing the probability of a threat being
realized against an information asset depending on the cost of protective measures; and $S$ is the cost of
protecting the information asset in monetary terms.</p>
      <p>
        The amount of damage is determined solely by the protected information, the probability of
a threat occurring is treated as a fixed value, and the probability of a threat being realized can be reduced by investing $S$
in the information security of the asset [
        <xref ref-type="bibr" rid="ref12">12, 19, 25</xref>
        ]. The likelihood of a threat tends to fall as investment grows, but estimating that likelihood,
in particular for unauthorized access to protected information, becomes difficult once the deliberate actions
of people are taken into account. The model adopted here assumes that increasing funding for information
security reduces the likelihood of a threat exponentially [20, 26–29].
      </p>
      <p>Then the function and graph of the dependence (Figure 1) of the probability of a threat on
information security costs take the form
$P(S) = p \, e^{-k S}, \quad p \in [0; 1], \quad S \geq 0$, (8)
where $p$ is the probability of a threat; $k$ is the correction factor for information security costs; $S$ is
the cost of protecting an information asset in monetary terms.</p>
      <p>
        The experience of information attacks shows that increased investment in information security
for an organization's valuable assets reduces the likelihood of a threat occurring but increases the likelihood
of its realization once it does occur, because valuable, heavily protected assets attract professional attackers. This is
confirmed by the hacking of government websites, law
enforcement databases, and security systems of banks and corporations by professional hackers and
attackers who have extensive experience and use advanced technologies to find weaknesses in
protection [
        <xref ref-type="bibr" rid="ref14">14, 15, 24–26, 29</xref>
        ]. The proposed function and graph of dependence (Figure 2) of the
probability of threat realization on information security costs take the form of a quadratic
function:
$F(S) = \dfrac{a - b}{S_0^2}\,(S - S_0)^2 + b$. (9)
      </p>
      <p>The parameter $S$ is the amount of money allocated to protect the information asset, and $S_0$ is the
expenditure at which the realization probability reaches its minimum. The
parameters $a$ and $b$ are the upper and lower limits of the probability of a threat being realized,
determined by expert estimates, so that $F(0) = a$ and $F(S_0) = b$. It is important to note that the inability to specify a lower bound on
the probability of a threat materializing is a drawback of the known models. Even with significant
investments in security, the probability of damage cannot be reduced to zero, as current experience
shows; the non-zero probability of accidents or disasters is an example.</p>
      <p>
        Determining the amount of money for protective measures at which the value of the probability
function of the threat reaches the lower bound $b$ presents certain difficulties. The Gordon-Loeb
economic model shows that the optimal level of investment does not exceed $1/e \approx 36.8\%$ of the
expected loss from an information asset security breach, which has been confirmed empirically [
        <xref ref-type="bibr" rid="ref1 ref2 ref3">1–3, 17</xref>
        ]. Given the lack of statistical data, and based on intuitive
considerations, it seems appropriate to link the value of $S_0$ to $e^{-1} \approx 36.8\%$ of the
amount of damage due to a breach of information security of the asset, that is, $S_0 = D/e$. Thus, the function of the
dependence of the probability of threat realization on information security costs becomes
$F(S) = \dfrac{a - b}{(D/e)^2}\left(S - \dfrac{D}{e}\right)^2 + b$, (10)
where $D$ is the amount of losses in the event of an information asset security breach.
      </p>
      <p>It should be noted that the study considers several alternative classes of functions of dependence
on the probability of threat realization on information security costs. The choice of quadratic
dependence in this work is due to the difficulty of determining additional parameters (coefficients)
in alternative functions and their interpretation for providing expert assessments.</p>
      <p>The task of finding the optimal level of investment in information security then takes the form
$R(S) = D \cdot P(S) \cdot F(S) + S = D\,p\,e^{-kS}\left[\dfrac{a - b}{(D/e)^2}\left(S - \dfrac{D}{e}\right)^2 + b\right] + S \longrightarrow \min.$ (11)</p>
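      <p>The Python code below is an added worked example, not the authors' Mathcad calculation: it evaluates the exponential threat-probability curve (8), the quadratic realization curve with its minimum at $S_0 = D/e$ (10), and the objective (11), and finds the cost-minimizing investment by a one-dimensional grid search. The parameter values ($D$, $p$, $k$, $a$, $b$) are constructed for illustration; the symbols follow the formulas above.</p>

```python
# Added example (not from the paper): numerical solution of the investment
# problem (11).  Symbols: D damage on breach, p base threat probability,
# k cost correction factor, a / b upper and lower bounds of the realization
# probability, S protection spend, S0 = D / e.  All parameter values used
# below are constructed sample data.
import math


def threat_probability(S, p, k):
    """P(S) = p * exp(-k S): probability that the threat occurs, formula (8)."""
    return p * math.exp(-k * S)


def realization_probability(S, D, a, b):
    """F(S): quadratic dependence (10); F(0) = a and the minimum b is reached
    at S0 = D / e, the Gordon-Loeb share of the loss."""
    S0 = D / math.e
    return (a - b) / S0 ** 2 * (S - S0) ** 2 + b


def total_cost(S, D, p, k, a, b):
    """Expected loss plus the money spent, the objective of formula (11)."""
    return D * threat_probability(S, p, k) * realization_probability(S, D, a, b) + S


def optimal_investment(D, p, k, a, b, steps=20000):
    """Grid search over S in [0, D]; spending more than the damage itself is
    never rational, so the interval is bounded.  Returns (S*, R(S*)).
    A bracketing 1-D optimiser would replace this in a production tool."""
    best_S, best_cost = 0.0, total_cost(0.0, D, p, k, a, b)
    for i in range(1, steps + 1):
        S = D * i / steps
        c = total_cost(S, D, p, k, a, b)
        if c < best_cost:
            best_S, best_cost = S, c
    return best_S, best_cost


def gordon_loeb_bound(D):
    """Gordon-Loeb: the optimal investment never exceeds D / e (about 36.8 %)."""
    return D / math.e


if __name__ == "__main__":
    # Constructed scenario: 100 000 units of damage, base threat probability
    # 0.9, correction factor 1/20 000, realization probability between 0.8
    # (no spending) and 0.05 (spending S0).
    D, p, k, a, b = 100000.0, 0.9, 1.0 / 20000.0, 0.8, 0.05
    S_star, cost_star = optimal_investment(D, p, k, a, b)
    print(f"no protection: R(0) = {total_cost(0.0, D, p, k, a, b):.0f}")
    print(f"optimum: S* = {S_star:.0f}, R(S*) = {cost_star:.0f}")
    print(f"Gordon-Loeb bound D/e = {gordon_loeb_bound(D):.0f}")
```

      <p>With these constructed inputs the optimum lies well below $D/e$, as the Gordon-Loeb result predicts: the exponential factor $P(S)$ already suppresses the expected loss before the quadratic term reaches its minimum, so pushing spending all the way to $S_0$ only adds cost. An auditor can rerun the search with the expert-estimated $a$, $b$ and $k$ for each asset class to see how sensitive the recommendation is to those estimates.</p>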
      <p>
        The development of a threat model includes the stages of identifying types of information assets
for risk assessment, determining the environment and sources of threats for each type of asset, which
depends on the organization’s information security needs, and the ratio of the cost of protection to
the risk. The process of risk identification is cyclical: first, a general threat scheme is formed, an
expert cost estimate is made, and then significant risk factors are identified for which detailed models
are developed. Threats from people require a high level of detail, in particular for internal and
external perpetrators, taking into account their motives and typical actions. The risk of a security
breach is determined based on expert assessments of the likelihood of a threat, its realization, and
the severity of the consequences. The optimal level of investment in security is determined through
nonlinear programming, in particular with the help of the Mathcad software product, which provides
a convenient interface for calculations and analysis [
        <xref ref-type="bibr" rid="ref11 ref12 ref13 ref14 ref3">3, 11–14, 16, 18, 19, 25–28</xref>
        ]. Analysis of possible
losses from threats to integrity, availability, and confidentiality, including fines for violation of
regulations and the cost of information recovery, is a key step in the risk assessment process:
= MNO : : 9,
where MNO is the cost of recovery for the threat group, which is determined by the formula:
where is the cost of recovery from the threat; 9 is the cost of compensation to personal data
subjects; 9 = P ∙ ", "is the number of lawsuits from personal data subjects; is the maximum fine
calculated by the formula:
where = Q , 9, , P, SR.
      </p>
      <p>The probability of realization of the identified and assessed threats is assessed by an expert
method:
where V is the answer to the question of the questionnaire; 6 is the importance coefficient
determined by the expert method and satisfying the condition</p>
      <p>W</p>
      <p>The degree of criticality of threat groups is proposed to be determined based on the calculated
value of the risk factor</p>
      <p>Z
XY = , (17)</p>
      <p>[
where XY is the risk coefficient; Z is the consequences of the threat (asset value); [ is the number
of threats in the group; \ is the risk measure.</p>
      <p>The next step is to compare indicators for threat groups. Alternatives to 6 are compared for each
indicator and threat groups are ranked:</p>
      <p>6 = QZ, ], \R. (18)</p>
      <p>The critical group of threats is determined by the risk coefficient, for this purpose, the assessments
of alternatives are compared:</p>
      <p>5 (6 )5 (6 ) = QXYR. (19)</p>
      <p>To assess the security risk of personal data information systems, an object-oriented assessment
model based on the Petri net apparatus can be used. It is distinguished by the
developed rules for triggering transitions and takes into account the degree of risk to
personal data information systems, as well as the probability of realization and of repelling personal
data security threats. The method for formalizing a mathematical object-oriented risk assessment
model based on colored Petri nets is as follows:
=&lt;
, TU , _, , ` &gt;,</p>
      <p>,
= Q , 9, , PR,</p>
      <p>W
TU =</p>
      <p>V 6 ,
where is the set of Petri net states; TU is the set of probabilities of threats realization; _ is the set
of transitions that determine the rules for changing the network states; is the input positions (set
of parameters of threats and countermeasures); ` is the output positions (set of residual risk values).
The advantage of the model is that a probabilistic network
makes it possible to account both for personal data risks and for the countermeasures that counter them by
setting the probabilities of transitions. The Petri net helps to identify features related to personal
data risks and countermeasures and provides a risk mitigation mechanism
when countermeasures are implemented. In addition, the network is dynamic: at each cycle of
calculation of the mathematical model it is adapted to the changing properties of the personal data
protection system [30].</p>
      <p>
        To minimize the risks to personal data information systems, methods for identifying
countermeasures, comparing them, calculating the probability of eliminating threats, and
formulating an efficiency theorem have been proposed and implemented. When calculating a set of
countermeasures that reduce the residual risk to zero, their effectiveness approaches one [
        <xref ref-type="bibr" rid="ref12 ref13 ref14">12–14, 16,
18, 25</xref>
        ]. The formed set of countermeasures (T) can be represented as a tuple
      </p>
      <p>$T = \langle R_{\mathrm{res}}, \nu, C_T \rangle$, (21)
where $R_{\mathrm{res}}$ is the value of the residual risk achieved by applying the formed set of countermeasures;
$\nu$ is the ratio of neutralized threats to the total number of threats; $C_T$ is the cost of the formed set of
countermeasures. Thus, the modeling task is reduced to finding a set of countermeasures with
residual risk $R_{\mathrm{res}} \to 0$ and $\nu \to 1$ at an acceptable total cost $C_T$.</p>
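      <p>The following Python code is an added worked example, not part of the original paper: it evaluates the tuple of formula (21) (residual risk, share of neutralized threats, cost) for a candidate set of countermeasures and searches exhaustively for the cheapest set that meets a residual-risk and a coverage target. The threats, their risk values, the countermeasures and their costs are constructed sample data; the exhaustive search is an assumption that fits the handful of alternatives an audit normally compares.</p>

```python
# Added example (not from the paper): choosing a countermeasure set
# T = <R_res, nu, C_T> as in formula (21): minimise the cost while keeping the
# residual risk at or below a target and the share of neutralised threats at
# or above a target.  All threats, risks, countermeasures and costs below are
# constructed sample data.
from itertools import combinations

# threat id -> risk value (probability x damage, in money units); constructed
THREATS = {"T1": 12000.0, "T2": 8000.0, "T3": 3000.0, "T4": 500.0}

# countermeasure id -> (cost, set of threats it neutralises); constructed
COUNTERMEASURES = {
    "CM1": (4000.0, {"T1"}),
    "CM2": (3500.0, {"T2", "T3"}),
    "CM3": (6000.0, {"T1", "T2"}),
    "CM4": (900.0, {"T4"}),
    "CM5": (1600.0, {"T3"}),
}


def evaluate(selection, threats=THREATS, cms=COUNTERMEASURES):
    """Return (residual_risk, neutralised_ratio, cost) for a selection of
    countermeasure ids, i.e. the three components of the tuple (21)."""
    neutralised = set()
    cost = 0.0
    for cm in selection:
        c, covered = cms[cm]
        cost += c
        neutralised |= covered
    residual = sum(r for t, r in threats.items() if t not in neutralised)
    ratio = len(neutralised & set(threats)) / len(threats)
    return residual, ratio, cost


def cheapest_set(max_residual, min_ratio, threats=THREATS, cms=COUNTERMEASURES):
    """Exhaustive search over all subsets for the cheapest selection whose
    residual risk is <= max_residual and whose coverage is >= min_ratio.
    Returns (selection tuple, (residual, ratio, cost)) or None when no subset
    meets the targets.  Subsets are enumerated in increasing size and sorted
    order, so ties are resolved deterministically."""
    best = None
    ids = sorted(cms)
    for n in range(len(ids) + 1):
        for sel in combinations(ids, n):
            residual, ratio, cost = evaluate(sel, threats, cms)
            if residual <= max_residual and ratio >= min_ratio:
                if best is None or cost < best[1][2]:
                    best = (sel, (residual, ratio, cost))
    return best


if __name__ == "__main__":
    # R_res -> 0 and nu -> 1: full neutralisation at minimum cost.
    print("full coverage:", cheapest_set(0.0, 1.0))
    # A budget-driven alternative: accept the two smallest risks as residual.
    print("residual <= 3500:", cheapest_set(3500.0, 0.5))
```

      <p>The second call shows the trade-off the text describes: accepting a residual risk of 3500 lets the auditor recommend a single measure at 6000 instead of three measures at 8400, and the returned tuple makes both the residual risk and the neutralized share explicit for the decision maker. For larger catalogues the subset enumeration grows exponentially and should give way to an integer-programming or greedy set-cover formulation.</p>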
      <p>
        The analysis and management of personal data information security risks include various
methods, including tabular methods, fuzzy logic, game theory, and intruder modeling [
        <xref ref-type="bibr" rid="ref12 ref14">12, 14–16, 19,
24, 25, 29</xref>
        ]. Evaluation of the effectiveness of the protection system often uses economic indicators,
but the complexity of the source data complicates the calculations. Risk analysis tools, such as
COBRA, CRAMM, DS Office, FAIR, and OpenFAIR, are used to assess threats but have their
limitations and requirements for integration with other systems. The choice of tool depends on the
needs of the organization. The development of a new method includes collecting statistics on
incidents, assessing specific threats, and using economic indicators to respond quickly to changes.
Identifying vulnerabilities and system weaknesses is a key step in assessing the security of
information systems, especially those containing personal data. In the context of risk management,
risk analysis becomes an integral part of the methodology, which includes the identification of
information system components, potential threats, and vulnerabilities (Figure 3). The complexity of
information systems requires a systematic approach that includes several stages to ensure
consistency and adequacy of security factors [21–24, 26–29].
      </p>
      <p>The risk management methodology should be universal so that it can be applied in different areas
and ideas can be organized in a structured way. Traditional probabilistic methods of risk analysis are
becoming ineffective due to the lack of sufficient statistical data. Risk management includes measures
to minimize the consequences, such as avoidance, probability reduction, protection, risk transfer
(e.g., through insurance), threat detection, and recovery. This ensures the validity of decisions and
the resilience of information systems in the face of technological change and cyber threats.</p>
    </sec>
    <sec id="sec-6">
      <title>6. Modeling of the information security audit process of personal data systems</title>
      <p>
        Modeling the stages of an information security audit of personal data systems involves a
comprehensive approach to assessing and improving measures to protect confidential information.
The first step is to analyze information assets, determine their importance, identify threats and
vulnerabilities, and develop models of offenders and threats. The system security assessment
includes verification of compliance with standards and the effectiveness of security measures. The
final stage is the development of recommendations for security modernization, implementation of
new technologies, and monitoring of changes in threats. Modeling these stages helps to maintain a
high level of personal information security and reduce the risks associated with personal data
processing [
        <xref ref-type="bibr" rid="ref14">14, 15, 20–22, 24, 29</xref>
        ].
      </p>
      <p>
        The process of building a systemic model of personal data protection based on IDEF technologies
includes several stages. The first step is to create a model that reflects the relationship between the
security audit of personal data information systems and the organization’s activities. The second
stage is the decomposition of the model for a more detailed analysis of the audit aspects. The third
stage involves the formation of an ontology to unify terms in the field of personal data protection,
which is important for standardizing the process. The last stage involves optimizing the model and
ontology to increase efficiency and clarity [
        <xref ref-type="bibr" rid="ref11 ref12 ref13">11–13, 17, 19</xref>
        ].
      </p>
      <p>First, a model of the relationship between the audit of information security of personal data
systems and the main activities of the organization is built, which is then decomposed. Figure 4
shows a functional model that reflects the main stages of conducting an information security audit
of personal data systems.</p>
      <p>
        The analysis showed that the stages of "Assessment of compliance of personal data systems
security with the requirements of regulatory documents" and "Assessment of risks to personal data
systems information security" are labor-intensive and require expert support. The authors propose
an ontology for systematizing the subject area of information security audit of personal data systems,
including tasks, models, and decision-making methods, as well as a database of precedents for
specific situations. The security profile of personal data information systems assesses compliance
with security requirements through the evaluation indicators determined by experts for the level of
protection [
        <xref ref-type="bibr" rid="ref12 ref13 ref14">12–15, 20–22, 25–28</xref>
        ]. A methodology for assessing the security of personal data
information systems based on the creation of a security profile is proposed. To assess the compliance
of the level of security of personal data information systems with the requirements of the regulatory
framework, 15 group indicators of security of personal data information systems, designated $K_i$,
$i = 1, 2, \ldots, 15$ (Table 1), were identified. Group indicators determine the measures to ensure
the security of personal data by the requirements of regulatory documents on personal data
protection. Each group indicator is composed of private (individual) indicators $K_{ij}$. The assessment of the private security indicators of personal data information systems
$K_{ij}$ is carried out by experts using questionnaires that take into account the requirements for each
level of personal data security.
      </p>
      <p>If the assessment of private indicators, the fulfillment of which is mandatory, results in a “no”
answer, the score is gTh ij = 0; if the answer is “partially,” then gTh ij = 0,5; if the answer is “yes,”
then gTh ij = 1. In the case of assessing private indicators, the fulfillment of which is optional, a
“yes” answer leads to a score of gTh ij = 1; a “no” answer leads to the fact that the partial indicator
is defined as unassessed and is not taken into account in the formation of the assessment results.</p>
      <p>The final normalized score for the group indicator gTh iklmnop is calculated using the following
formula:</p>
      <p>∑ gTh ij
gTh iklmnop = q</p>
      <p>, = 1 ÷ 15, v = 1 ÷ [ ,
gTh irst
where [ is the number of private security indicators of personal data information systems
representing the group indicator; c gTh i is the value of the group indicator assessment; gTh irst is
the maximum possible value of the quantitative assessment; gTh i q is the significance coefficient
(0 ≤ q ≤ 1), which is assigned by an expert to adapt the personal data protection system to the
conditions of their processing and the technical means used.</p>
      <p>Based on the final scores of the group indicators gTh iklmnop, a normalized score gT is calculated,
which reflects the degree of compliance with the requirements of the regulatory framework for
personal data protection:
(22)
gT = ∑ gTh iklmnop / gT~, = 1 ÷ 15, (23)
where gT~ is the maximum possible value of the quantitative assessment gT. Since the maximum
value of each of the 15 group indicators is 1, gT~ = 15.</p>
      <p>In this case, the method of expert assessments can be used not only to assess the degree of
compliance with certain requirements for personal data protection but also to compare different
options for building a personal data protection system [20–23, 27, 28]. The levels of compliance of
the security of personal data information systems with the requirements of the regulatory framework
are determined by expert assessments, taking into account the fact that the personal data operator
can adapt the personal data protection system to the processing conditions and technical means used
(Figure 5):
• 0 ≤ gT &lt; 0,75 is an unacceptable level of security in personal data information systems;
• 0,75 ≤ gT &lt; 0,95 is a moderate level of security, but countermeasures are required;
• 0,95 ≤ gT ≤ 1 is the value of the security level that meets the requirements of regulatory
documents on personal data protection.</p>
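      <p>As an added worked example (not code from the paper), the scoring rules for private indicators, the normalized group-indicator formula and the three compliance levels above are implemented in Python. Class and function names are assumed, and the sample answers in the demonstration are constructed.</p>
      <preformat>
```python
"""Compliance scoring of a personal data information system against the
regulatory security profile.

Added example (not the paper's own code). It implements the scoring rules the
text gives: a mandatory private indicator scores 0 / 0.5 / 1 for "no" /
"partially" / "yes"; an optional one scores 1 for "yes" and is left unassessed
(excluded) for "no". A group indicator is the significance coefficient q times
the sum of its assessed private scores over the maximum possible sum; gT is the
sum of the 15 group indicators over gT~ = 15 and is mapped onto the three
compliance levels. Class and function names are mine.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional

GROUP_COUNT = 15      # the paper defines 15 group indicators, hence gT~ = 15

class Answer(Enum):
    NO = "no"
    PARTIALLY = "partially"
    YES = "yes"

@dataclass(frozen=True)
class PrivateIndicator:
    name: str
    mandatory: bool
    answer: Answer

def private_score(ind: PrivateIndicator) -> Optional[float]:
    """Score of one private indicator; None means 'unassessed' (not counted)."""
    if ind.mandatory:
        return {Answer.NO: 0.0, Answer.PARTIALLY: 0.5, Answer.YES: 1.0}[ind.answer]
    if ind.answer is Answer.YES:
        return 1.0
    if ind.answer is Answer.NO:
        return None          # optional and not fulfilled: dropped from the total
    raise ValueError(f"{ind.name}: only yes/no answers are defined for optional indicators")

def group_score(indicators, q: float) -> float:
    """Normalized group indicator q * sum(scores) / max_possible, where the
    maximum possible value is 1 per assessed private indicator."""
    if q > 1.0 or 0.0 > q:
        raise ValueError("significance coefficient q must lie in [0, 1]")
    scores = [s for s in map(private_score, indicators) if s is not None]
    if not scores:
        # Assumption: the text does not define a group with nothing assessed,
        # so refuse rather than silently score it.
        raise ValueError("group has no assessed private indicators")
    return q * sum(scores) / len(scores)

def overall_score(group_scores) -> float:
    """gT = sum of the 15 group indicators / gT~, with gT~ = 15."""
    if len(group_scores) != GROUP_COUNT:
        raise ValueError(f"expected {GROUP_COUNT} group scores, got {len(group_scores)}")
    return sum(group_scores) / GROUP_COUNT

def compliance_level(gt: float) -> str:
    """Thresholds from the text: 0.75 and 0.95 on the 0..1 scale."""
    if gt > 1.0 or 0.0 > gt:
        raise ValueError("gT must lie in [0, 1]")
    if gt >= 0.95:
        return "compliant"
    if gt >= 0.75:
        return "moderate, countermeasures required"
    return "unacceptable"

def assess(groups):
    """groups: 15 pairs (q, [PrivateIndicator, ...]); returns (gT, level)."""
    gt = overall_score([group_score(inds, q) for q, inds in groups])
    return gt, compliance_level(gt)

if __name__ == "__main__":
    # Constructed sample: 14 fully compliant groups and one with gaps.
    full = [PrivateIndicator("m1", True, Answer.YES), PrivateIndicator("o1", False, Answer.YES)]
    gappy = [PrivateIndicator("m1", True, Answer.PARTIALLY),
             PrivateIndicator("m2", True, Answer.NO),
             PrivateIndicator("m3", True, Answer.YES),
             PrivateIndicator("o1", False, Answer.NO)]     # unassessed, excluded
    print(assess([(1.0, full)] * 14 + [(1.0, gappy)]))
```
      </preformat>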
      <p>Presentation of the results in the form of the above diagram allows for a visual assessment of the
state of personal data protection. The results of the assessment reveal the inconsistency of the
security of certain assets of personal data information systems with regulatory requirements, and
then an assessment of information security risks caused by this inconsistency is made.</p>
    </sec>
    <sec id="sec-7">
      <title>7. Decision-making algorithm for assessing personal data information security risks using data mining</title>
      <p>
        The use of fuzzy logic for information security risk assessment is driven by the need to adapt to
uncertainty and the dynamics of cyber threats, which allows for the consideration of fuzzy or
ambiguous concepts and expert experience. Methods for assessing information security risks include
tabular methods, fuzzy logic, game theory, and a combination of expert and mathematical
approaches. They allow risk assessment in the absence of accurate data and take into account social
and psychological aspects. It is important to use fuzzy logic to formalize qualitative information,
which provides flexibility in forecasting and risk assessment [
        <xref ref-type="bibr" rid="ref10 ref14">10, 14–18, 21, 24</xref>
        ].
      </p>
      <p>Effective control of information system security audits using audit logs includes a personal data
risk assessment algorithm that uses data mining. The assessment begins with the identification of
the object and analysis of threats and vulnerabilities of systems, after which the likelihood and
impact of threats on the confidentiality, integrity, and availability of data are assessed. Next, the
overall risk is calculated, which allows you to make decisions on threat mitigation measures. An
important part is the use of machine learning to detect anomalies in data processing and continuous
security monitoring. A fuzzy logic-based information security risk assessment model supports
experts in making decisions under uncertainty [20–24, 28]. In this context, the term “information
security risk” is defined as the expected potential damage resulting from the impact of a threat
due to the presence of vulnerabilities on an information asset:
=
~/,</p>
      <p>.</p>
      <p>~ ,
Consider information security risk in a context where
~/, represents the damage
caused by the impact of a threat on an information asset; ~ , determines the value of
this asset. The parameter which takes a value in the range from 0 to 1, determines the information
security risk and can be expressed as a percentage (0 ≤ ≤ 100%) relative to the value of the asset
~ , .</p>
      <p>The decomposition of the fuzzy inference system suggests dividing it into two relatively
independent parts that solve the problem of assessing two indicators—the probability of successful
threat implementation and the risk (potential damage) from the impact of the threat on personal
data. Additionally, a set of fuzzy production rules for risk assessment is proposed, obtained by
converting the deterministic rules built in the ontology into fuzzy rules, such as: “IF
Threat_Probability( ) is high and Vulnerability(9) is high, THEN Threat_Probability( ) is
high,” ..., “IF Threat_Probability( ) is high AND Information_Asset_Value(P) is high, THEN
Risk(S) is high” (Figure 6).
(24)</p>
      <p>The fuzzy logic method was used to analyze information security risks during the audit of the
personal data system. Each term set (, c, ) for variables ( , 9, , P, ) was assigned a “center
of gravity,” which allowed us to build a training set for a fuzzy neural network designed to assess
information security risks to personal data system assets. For this purpose, a modular fuzzy neural
network implemented in MATLAB using the ANFIS adaptive neuro-fuzzy inference system was
used. This approach allows us to effectively assess information security risks in the face of
uncertainty and system complexity (Figure 7).</p>
      <p>In Figure 7 , h ,  are the values of membership functions for input variables  , 9,P and
output variables  , S; LOM-1 (logic output modules), LOM-2 are logic output modules; DM-1
(defasification modules), DM-2 are defasification modules;  , ,  ,9,  , are numerical values
corresponding to term sets for variable; , S, , S,9, S, are numerical values corresponding to term
sets for variable S.</p>
      <p>Figure 8 shows the possible options for decisions regarding the construction of information
security systems: obtaining a rational solution (i.e., a solution that satisfies the given constraints on
information security risk and the allocated costs for information security), accepting the risk, or
increasing the budget.</p>
      <p>The proposed modular neural network model has advantages, in particular, the ability to learn
and reduce the number of fuzzy rules due to the division into modules. An algorithm for evaluating
the effectiveness of personal data protection based on the Clements-Hoffman scheme with full
overlap has been developed, which allows comparing and optimizing protection systems according
to the “information security risk versus protection cost” criterion. The assessment can be
carried out in two problem formulations:
• Minimizing the risk of information security in the presence of a limit on the total cost of
information protection: ( ) ⟶ min at  = Σ,  ≤ .
• Minimization of costs  for the creation of protective barriers while limiting the total risk
 (at ( ) ≤ ),
where  is the maximum allowable cost of creating protective barriers;  is the maximum
permissible value of the total risk , i.e., the potential damage from the impact of threats;  is
the cost of creating a barrier ∗; 0 ≤  ≤ 1; 0 ≤ ( ) ≤ 1; 0 ≤  ≤ 1; 0 ≤  ≤ 1; 0 ≤  ≤ 1.</p>
    </sec>
    <sec id="sec-8">
      <title>8. Prototype of an intelligent decision support system for auditing the information security of a personal data system</title>
      <p>A prototype of an intelligent decision support system for auditing the information security of
personal data systems combines technical solutions and algorithmic approaches, using artificial
intelligence and machine learning to analyze security. The system provides automatic detection and
classification of threats and vulnerabilities, development of protection strategies, as well as
recommendations for effective security measures, taking into account the specifics of the
information system. An important component is real-time security monitoring for rapid response to
new threats, which allows taking into account the dynamics of threats and modern technological
challenges (Figure 9) [21, 23, 30–34].</p>
      <p>The software of intelligent decision support systems for auditing the information security of
systems with personal data implements the main modules through the MATLAB graphical interface,
with the ability to enter data through the Excel tabular interface, which organizes access to data via
COM/DCOM for the Python computing core and the neural network unit for analyzing information
security risks. The system analyzes information systems, builds a model of an intruder and threats,
and assesses the level of security and compliance with regulatory requirements, as well as risks to
information assets. This makes it possible to formulate recommendations for the modernization of
personal data protection, which helps to reduce the risks from threats to personal data information
security [20–23, 27, 28, 31].</p>
    </sec>
    <sec id="sec-9">
      <title>9. Mechanism for improving the accuracy of the information security risk model built using fuzzy logic</title>
      <p>To improve the accuracy of the information security risk assessment model built using fuzzy logic,
training is performed, during which the model parameters are iteratively changed to minimize
deviations between the logical conclusion and experimental data [26–28]. This includes changing the
weights and parameters of membership functions. It is important to keep in mind that transparency
must be maintained during model training to ensure meaningful interpretation.</p>
      <p>The parameters of the membership function can be determined by. The Gaussian function (21)
(where  is the mathematical expectation and 9 is the variance) has the form:
= 1 ( (¡9)¤¢£)£ (25)</p>
      <p>] = ( ) ¥∙(¦§¢)£. (26)</p>
      <p>The two coefficients introduced for this purpose (V and ) graphically represent the “width” of
the membership function (coefficient V), which is analogous to the “variance” parameter, and the
coordinate of the membership function vertex on the abscissa axis (coefficient ), which is analogous
to the “mathematical expectation” parameter. This modification of the Gaussian function is due to
the convenience of programming and a special restriction on the constancy of the ordinate of the
vertices of the membership function. In the modified Gaussian function, the coordinates of the
abscissa axis are determined by the variable ¨, , and the coordinates of the ordinate axis are
determined by the variable ].</p>
      <p>
        To correct the shape of the membership function, two parameters of the Gaussian function are
changed: the variance and the mathematical expectation. In the process of modeling in Fuzzy Logic,
increasing the “width” of the membership function of input variables (variance for Gaussian curves)
while reducing the variance of the output variable gives a smoother, more uniform surface [
        <xref ref-type="bibr" rid="ref13 ref14">13–16,
21, 25, 29</xref>
        ]. The Fuzzy Logic interface allows you to build a three-dimensional image of the “surface
of the fuzzy inference system” and a graph of the dependence of the output variable on the input
variables, which helps to control the quality of the inference mechanism, where a smooth and
monotonic graph indicates the sufficiency and consistency of the rules. The use of the “center of
gravity” method during defuzzification leads to a narrower range of output values, which means that
the risk level will never reach maximum or minimum values. For a model using fuzzy logic, it is
advisable to introduce a correction factor to eliminate the effect of narrowing the range. In this case,
the object model will look like the one shown in Figure 10. This correction function stretches the
output variable to the normalized value of the risk variable 0 ÷ 1 relative to the average value.
      </p>
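      <p>The following added example (not the paper's MATLAB/ANFIS implementation) builds a small Mamdani fuzzy inference for the risk from threat probability and information asset value, using the modified Gaussian membership function and the kind of rule quoted in Section 7, and shows both the narrowing of the output range under centre-of-gravity defuzzification and a linear correction that stretches it back onto 0 ÷ 1. The term sets, the rule table, the widths and the linear form of the correction are constructed assumptions.</p>
      <preformat>
```python
"""Gaussian-membership fuzzy risk inference with output-range correction.

Added example (not the paper's MATLAB/ANFIS code). Two normalized inputs,
threat probability and information asset value, are mapped to a risk level by
Mamdani inference with the kind of rule quoted in the text ("IF Threat_Probability
is high AND Information_Asset_Value is high THEN Risk is high"). Centroid
defuzzification is then shown to narrow the output range, and a linear correction
stretches it back onto 0..1. Term names, rule table and widths are constructed.
"""
import math

# Term sets on the 0..1 universe: each term is a Gaussian with a fixed peak of 1,
# placed by its vertex (expectation) and spread by its width (variance analogue).
TERMS = {"low": 0.0, "medium": 0.5, "high": 1.0}

def gauss(x, center, width):
    """Modified Gaussian membership function with vertex at `center`."""
    return math.exp(-((x - center) ** 2) / (2.0 * width ** 2))

def fuzzify(x, width):
    """Degree of membership of x in each term."""
    return {term: gauss(x, c, width) for term, c in TERMS.items()}

# Rule base (threat term, asset-value term) -> risk term; symmetric, so the
# output is 0.5 for the mid-point input and mirrors around it.
RULES = {
    ("low", "low"): "low",       ("low", "medium"): "low",       ("low", "high"): "medium",
    ("medium", "low"): "low",    ("medium", "medium"): "medium", ("medium", "high"): "high",
    ("high", "low"): "medium",   ("high", "medium"): "high",     ("high", "high"): "high",
}

def infer_risk(threat_p, asset_value, in_width=0.25, out_width=0.15, steps=200):
    """Mamdani inference: min for AND, max to aggregate, centroid to defuzzify.
    Wider input terms and a narrower output term give the smoother surface the
    text recommends; the output universe is sampled at steps+1 points."""
    tp, av = fuzzify(threat_p, in_width), fuzzify(asset_value, in_width)
    strength = {term: 0.0 for term in TERMS}
    for (a, b), out in RULES.items():
        strength[out] = max(strength[out], min(tp[a], av[b]))
    num = den = 0.0
    for i in range(steps + 1):
        y = i / steps
        # aggregated output membership: clip each term at its firing strength
        mu = max(min(strength[t], gauss(y, TERMS[t], out_width)) for t in TERMS)
        num += y * mu
        den += mu
    return num / den if den > 0.0 else 0.5

def output_range(grid=11, **kwargs):
    """Smallest and largest centroid output over an input grid. Because the
    Gaussian tails are cut at the universe edges and several terms always fire,
    the centroid never reaches 0 or 1: this is the narrowing effect."""
    pts = [i / (grid - 1) for i in range(grid)]
    vals = [infer_risk(t, v, **kwargs) for t in pts for v in pts]
    return min(vals), max(vals)

def make_corrector(lo, hi):
    """Correction factor: stretch the observed range [lo, hi] linearly onto 0..1
    around its midpoint (assumption: a linear stretch, as one simple instance
    of the correction the text describes)."""
    if hi == lo:
        raise ValueError("degenerate output range")
    mid, scale = (lo + hi) / 2.0, 1.0 / (hi - lo)
    def correct(y):
        return min(1.0, max(0.0, 0.5 + (y - mid) * scale))
    return correct

def corrected_risk(threat_p, asset_value, **kwargs):
    """Risk on the full 0..1 scale after range correction."""
    lo, hi = output_range(**kwargs)
    return make_corrector(lo, hi)(infer_risk(threat_p, asset_value, **kwargs))

if __name__ == "__main__":
    lo, hi = output_range()
    print(f"raw centroid range: {lo:.3f} .. {hi:.3f}")        # narrower than 0..1
    print(f"corrected risk for (1.0, 1.0): {corrected_risk(1.0, 1.0):.3f}")
```
      </preformat>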
      <p>Obtaining the parameters of the membership function in the information security risk assessment
model using fuzzy logic is reduced to an optimization problem, where the criterion is the minimum
area between the target and the obtained function, and the optimization parameters are the variance
and mathematical expectation of the Gaussian function. Since the surface of the model has local
minima and maxima that reduce accuracy, optimization allows you to obtain coefficients that make
the model look monotonic. For multidimensional optimization, it is advisable to use the Gauss-Seidel
method. The program algorithm, shown in Figure 11, includes the creation of a model for assessing
the risk of information security breach using fuzzy logic and automatic optimization of this model,
as well as analysis and graphical display of the model in the form of a three-dimensional surface.</p>
      <p>The information security risk assessment toolkit includes dialog interaction procedures that
simplify decision-making and methodological techniques for preparing information and obtaining
results. The program module also solves the problem of narrowing the range of initial values and
includes an adaptive learning mechanism.</p>
    </sec>
    <sec id="sec-10">
      <title>10. Conclusions</title>
      <p>The multidimensionality and component heterogeneity of information technologies and
systems, as well as the complexity of harmful effects, necessitate the use of probabilistic models to
assess information risks. Within this methodology, risk analysis becomes the
main tool for determining the level of security of information systems, since security is defined as a
state in which risks do not exceed the acceptable level. Statistical monitoring of attacks and their
consequences is becoming necessary for enterprises of all sizes, with a special emphasis on strategic
risk management. The use of risk analysis models and algorithms during the security audit of
personal data information systems, in particular through the integration of audit methods and fuzzy
logic, creates an effective toolkit for risk assessment and management. This approach ensures
flexibility and adaptability of the assessment, maintaining a high level of accuracy and transparency
in the process. The inclusion of an adaptive learning mechanism allows for improving risk
management methods, increasing the efficiency and reliability of information systems.</p>
      <p>An important aspect is the cyber defense of critical facilities and infrastructures, where the
consequences of attacks can be catastrophic. Risk analysis and risk management in such
infrastructures using probabilistic models open up new opportunities for forecasting and improving
the efficiency of information systems. The use of intelligent systems to support decision-making in
audits makes it possible not only to determine the level of security and assess compliance with
regulations but also to provide recommendations for modernizing personal data protection, reducing
the risk of dangerous threats to information security.</p>
    </sec>
    <sec id="sec-11">
      <title>Declaration on Generative AI</title>
      <p>The authors have not employed any Generative AI tools.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>H.</given-names>
            <surname>Tanaka</surname>
          </string-name>
          ,
          <article-title>Vulnerability and effects of information security investment: A firm level empirical analysis of Japan</article-title>
          , in:
          <source>Forum on Financial Information Systems and Cyber Security</source>
          ,
          <year>2005</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>D.</given-names>
            <surname>Landoll</surname>
          </string-name>
          ,
          <article-title>The security risk assessment handbook</article-title>
          ,
          <year>2021</year>
          . doi: 10.1201/9781003090441.
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>V.</given-names>
            <surname>Visintine</surname>
          </string-name>
          ,
          <article-title>An introduction to information risk assessment</article-title>
          ,
          <year>2009</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <given-names>European</given-names>
            <surname>Union</surname>
          </string-name>
          ,
          <source>Regulation (EU)</source>
          <year>2016</year>
          /
          <article-title>679 of the European Parliament and of the council</article-title>
          ,
          <source>Official Journal of the European Union</source>
          ,
          <year>2016</year>
          ,
          <volume>119</volume>
          /
          <fpage>1</fpage>
          -119/88. URL: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <given-names>Verkhovna</given-names>
            <surname>Rada</surname>
          </string-name>
          of Ukraine,
          <source>On protection of personal data</source>
          ,
          <fpage>2297</fpage>
          -
          <lpage>VI</lpage>
          ,
          <year>2025</year>
          . URL: https://zakon.rada.gov.ua/laws/show/en/2297-17#Text.
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <given-names>O.</given-names>
            <surname>Mykhaylova</surname>
          </string-name>
          , et al.,
          <article-title>Mobile application as a critical infrastructure cyberattack surface</article-title>
          ,
          <source>in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems II, CPITS-II</source>
          , vol.
          <volume>3550</volume>
          (
          <year>2023</year>
          )
          <fpage>29</fpage>
          -
          <lpage>43</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <given-names>A.</given-names>
            <surname>Zahynei</surname>
          </string-name>
          , et al.,
          <article-title>Method for calculating the residual resource of fog node elements of distributed information systems of critical infrastructure facilities</article-title>
          ,
          <source>in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems</source>
          <volume>3654</volume>
          (
          <year>2024</year>
          )
          <fpage>432</fpage>
          -
          <lpage>439</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <given-names>S.</given-names>
            <surname>Shevchenko</surname>
          </string-name>
          , et al.,
          <article-title>Protection of information in telecommunication medical systems based on a risk-oriented approach</article-title>
          ,
          <source>in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems</source>
          , vol.
          <volume>3421</volume>
          (
          <year>2023</year>
          )
          <fpage>158</fpage>
          -
          <lpage>167</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <given-names>S.</given-names>
            <surname>Shevchenko</surname>
          </string-name>
          , et al.,
          <article-title>Information security risk management using cognitive modeling</article-title>
          ,
          <source>in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems II</source>
          , vol.
          <volume>3550</volume>
          (
          <year>2023</year>
          )
          <fpage>297</fpage>
          -
          <lpage>305</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref10">
        <mixed-citation>
          [10]
          <string-name>
            <given-names>C. J.</given-names>
            <surname>Alberts</surname>
          </string-name>
          , et al.,
          <source>Operationally critical threat, asset and vulnerability evaluation</source>
          ,
          <year>2018</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref11">
        <mixed-citation>
          [11]
          <string-name>
            <given-names>C. F.</given-names>
            <surname>Endorf</surname>
          </string-name>
          ,
          <article-title>Measuring ROI on security</article-title>
          , in:
          <source>Information security management handbook</source>
          , edited by H. F. Tipton, M. Krause, 6th ed., part 1, sect. 1.1, ch.
          <volume>12</volume>
          (
          <year>2017</year>
          )
          <fpage>133</fpage>
          -
          <lpage>137</lpage>
          .
        </mixed-citation>
      </ref>
      <ref id="ref12">
        <mixed-citation>
          [12]
          <string-name>
            <given-names>J.</given-names>
            <surname>Cebula</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Young</surname>
          </string-name>
          ,
          <article-title>A taxonomy of operational cyber security risks</article-title>
          ,
          <year>2010</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref13">
        <mixed-citation>
          [13]
          <string-name>
            <given-names>W.</given-names>
            <surname>Stallings</surname>
          </string-name>
          ,
          <article-title>Effective cybersecurity: Understanding and using standards and best practices</article-title>
          ,
          <source>Addison-Wesley</source>
          ,
          <year>2019</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref14">
        <mixed-citation>
          [14]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Kostiuk</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Heidarov</surname>
          </string-name>
          ,
          <article-title>The role of tokens and session management in information security systems to counter cross-site attacks</article-title>
          ,
          <source>Science and Technology Today</source>
          <volume>5</volume>
          (
          <issue>33</issue>
          ) (
          <year>2024</year>
          )
          <fpage>1216</fpage>
          -
          <lpage>1231</lpage>
          . doi: 10.52058/2786-6025-2024-5(33)-1216-1231.
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>