InfoSec Risk Assessment Methodology based on the example of Learning Management Systems Analysis

The active development and application of new digital technologies in education, on the one hand, has opened up new opportunities for improving the efficiency of the university’s business process management. On the other hand, this has led to a significant increase in security threats and the vulnerability of educational institutions to cyber criminals. The recent rapid growth of various incidents regarding cybercrimes shows the insufficiency of traditional approaches to information security. Consequently, information security risk assessment has become an important task for most educational institutions. Several models have been proposed to help educational institutions solve problems with building information security. This article proposes a new hierarchical structured model for assessing information security risks in educational institutions using fuzzy logic. A new method for assessing information security risks is also described using the example of automated control systems or ERP systems (for example, training management systems). The proposed risk assessment of the university was modeled using fuzzy logic in the form of 15 fuzzy machines. In the course of a number of experiments, we carefully studied the assessment of information security risks of various software products used in universities. The proposed method should solve the problem of flexible risk assessment.