Formalized model for assessing the security of an enterprise information system

The article describes the main methods for assessing the security of an enterprise information system (IS), namely: a method for assessing the security of an enterprise IP from unauthorized access (UNA) based on expert information, an expert assessment method, a graph method, a fault tree method, a method based on a complex mechanism model protection. A comparative analysis of the methods for assessing IS security from a functional point of view is given. Based on the analysis, the most effective methods for assessing the security of an enterprise’s IS have been identified: a method for assessing the security of an enterprise’s IS from unauthorized access based on expert information, and a method of expert assessment. A mathematical model has been developed, which includes a method for assessing the security of an enterprise IS from unauthorized access based on expert information, a method of expert assessments. This mathematical model is the basis for the formation of the software package “Assessment of the security of the enterprise information system”.