Abstract
The problem of quantifying information security risks for a specific class of systems, namely geographically distributed information systems of law enforcement agencies, is considered. The key methodological difficulty in applying traditional approaches in this subject area is a systemic lack of reliable incident statistics, caused by both the confidential nature of operations and the uniqueness of many threats. As a solution, a mathematical model based on fuzzy set theory and fuzzy logic inference, adapted to operate under conditions of high uncertainty, is proposed. The model operates on qualitative expert judgments, formalized through the linguistic variables “Asset value”, “Threat probability”, and “Vulnerability degree”. The inference mechanism is implemented with a complete knowledge base of twenty-seven production rules and the Mamdani algorithm, the output of which is a quantitative assessment of the integral “Risk level”. Model verification was conducted through a computational experiment simulating three characteristic system operation scenarios: mobile access through potentially hostile networks, secure data exchange via dedicated channels, and an internal insider threat. The experiment results demonstrate the model's adequate and logically consistent response, correctly identifying critical and acceptable states. Visualization in the form of a response surface confirms the nonlinear nature of the dependence of the resulting risk on the input parameters. The practical significance of the research lies in the possibility of integrating the developed model into decision support systems for well-founded planning of protective measures and optimal resource allocation under conditions of incomplete initial data.
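The inference scheme described above (three inputs, a complete 27-rule base, Mamdani inference, a crisp "Risk level"), as an added Python example that is not the paper's own model. The normalised [0, 1] scale, the triangular membership functions, the three terms per variable and the rule consequents (taken from the sum of antecedent term indices) are all assumptions, since the abstract does not give them.

```python
from itertools import product

# Assumed term set on a normalised [0, 1] scale: (left foot, peak, right foot).
TERMS = {"low": (-0.5, 0.0, 0.5), "medium": (0.0, 0.5, 1.0), "high": (0.5, 1.0, 1.5)}
NAMES = list(TERMS)  # index 0 = low, 1 = medium, 2 = high


def tri(x, abc):
    """Triangular membership degree of x for the triangle (a, b, c)."""
    a, b, c = abc
    return max(0.0, min((x - a) / (b - a), (c - x) / (c - b)))


def consequent(i, j, k):
    """Assumed rule consequent: risk term from the sum of antecedent term indices."""
    s = i + j + k
    return "low" if s <= 2 else "medium" if s <= 4 else "high"


# Complete rule base: 3 x 3 x 3 = 27 rules, one per combination of input terms.
RULES = [((i, j, k), consequent(i, j, k)) for i, j, k in product(range(3), repeat=3)]


def risk_level(asset, threat, vuln, steps=1000):
    """Mamdani inference: min for AND, clipping for implication, max aggregation, centroid."""
    inputs = (asset, threat, vuln)
    for v in inputs:
        if not 0.0 <= v <= 1.0:
            raise ValueError("inputs must lie in [0, 1]")
    # Strength per output term = max over its rules of the min antecedent degree.
    strength = dict.fromkeys(NAMES, 0.0)
    for idx, out in RULES:
        w = min(tri(x, TERMS[NAMES[t]]) for x, t in zip(inputs, idx))
        strength[out] = max(strength[out], w)
    # Aggregate the clipped output sets over a sampled universe, then take the centroid.
    num = den = 0.0
    for n in range(steps + 1):
        y = n / steps
        mu = max(min(strength[t], tri(y, TERMS[t])) for t in NAMES)
        num += y * mu
        den += mu
    return num / den
```

Replacing `TERMS` and `consequent` with expert-elicited membership functions and rule consequents turns this sketch into a concrete model; the inference steps stay the same.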