Analysis of the parameters of information security of the automated systems based on the specified expert assessments

The paper analyzes the possibilities of using expert methods of assessment of the parameters of the information security of the complex systems, one of the most important representatives of which is an automated control system (ACS). It is shown that with respect to the assessment of the information security parameters and, in particular, the risks, the most acceptable method of assessment is an expert one. In this case, there are two diametrically opposite approaches to assessment: the first approach is used to assess the safety performance of global automation com-ponents and the second — some typical elements of the ACS, and then integrated assessments are formed on the basis of the structural relationships of these elements. The paper substantiates the feasibility of using the second approach, because it provides a higher assessment precision. However, this approach is much more labor intensive, based on a large set of assessments, a significant portion of which is obtained by an expert. Due to the abundance of expert assessments, including subjective distortion, we propose a procedure to adjust these data based on the conversion functions. The paper proposes two such functions: one is formed on the basis of the Harrington’s function of desirability and the second — on the basis of polynomial extrapolation by Harrington’s scale. It is shown that the latter function has a number of the advantages compared with the first one.