Formalized Risk-Oriented Model of the Information Technology System

. The aim of the study is to systematize the principles of building information technologies that are essential from the point of view of information risk assessment, and to form, on this basis, a model that provides the ability to analyze risk factors when building secure information systems. Methods: when developing the model, the methods of game theory and set theory were used. The result: the model is focused on taking into account the conflicting nature of interaction between information technologies and sources of threats to information security The information technology system is considered as an interconnected set of technologies of the warring parties, providing the processes of practical activity of one of them, which allows, on a unified methodological basis, to analyze the vulnerabilities of information technologies, scenarios for the implementation of threats, as well as to optimize technological solutions for information protection. The model is characterized by a high degree of generalization, since its main elements are abstract entities: a set of information technologies used by the parties; sets of information operations, implemented by technologies; information and control relationships on sets of technologies and operations. To use the model requires a preliminary development of the list and characteristics of these sets and relations in relation to specific information technologies