METHODS OF SUBSTANTIATION OF ASSESSMENTS OF THE LEVEL OF INFORMATION SECURITY OF INFORMATION SECURITY SOFTWARE

Abstract

The article discusses approaches and methods that make it possible to reasonably assess the level of information security of information security software. Special attention is paid to system, expert and mathematical-statistical methods. The classification of threats is presented, evaluation criteria are given, and the applicability of various models is discussed: from ISO/IEC standards to Bayesian and fuzzy logic models. A generalized methodology is proposed to ensure transparency and reproducibility of procedures for assessing the security of software solutions