Assessment of confidentiality risks of information security of projects based on fuzzy logic

One of the main components of enterprise information security management is its risk assessment. This is especially true for critical infrastructure enterprises and their business partners, including construction companies. However, measuring cybersecurity, even with the current skyrocketing costs of cybersecurity, remains an underdeveloped topic, so developing and agreeing on reliable ways to measure its risks and effectiveness is relevant for research. In many industries, the activities of enterprises are of a design nature and information security management must also be implemented within the framework of the project, which requires further research in this area. Given the incompleteness and vagueness of information about the components of information security, fuzzy logic is actively used in risk assessment models. The article proposes an approach for assessing the risks of violating the confidentiality of documents when solving information security problems of projects. The set of project documents is formalized in the form of a generalized hierarchical structure and the relationship of documents with operations and information systems that are used during operations with documents is determined. Based on the formalized structure of documents, a model has been developed for assessing the risk of violating the confidentiality of a document based on fuzzy logic, which allows one to take into account the incompleteness and blurring of data. The results of the work can be used when making decisions on information security measures for projects at enterprises with project activities, including at critical infrastructure enterprises, IT enterprises, construction companies and others. The proposed approaches can serve as a basis for the development of information technologies to automate the assessment of information security risks of projects.