Information systems and technologies, as components of the information sphere, directly and actively influence the state of economic, ecological, energy, transport, food, criminogenic, information and other components of the integrated security of the Russian Federation. The article deals with the formalization of the information system parameters, on which the importance of information risks depends. The technique of designing complex information security systems is described by dividing them into appropriate stages. With the help of the developed software, the KSZI is designed on the basis of the objective parameters of the information system. The model is a set of objects of the information system, described with the help of appropriate software entities. This allows you to improve the accuracy of calculations, avoid dependence on the expertise of experts, which ultimately will allow the software to be used by system administrators who do not have much experience in designing security systems.

information security system, information risk, information security threat, vulnerability of the information system

1. Averchenkov V.I., Rytov M.Yu., Kuvyklin A.V., Rudanovskii M.V. Audit informatsionnoi bezopasnosti organov ispolnitel'noi vlasti [Information security audit of the Executive bodies]. Moscow. Flinta 2011. 100 p. (in Russian).

2. Whitman M. E., Mattord H. J. Principles of information security. Cengage Learning, 2011.

3. GOST no. 13335-1-2006. Informatsionnye tekhnologii. Metody i sredstva obespecheniya bezopasnosti [State standard no. 13335-1-2006. Information technology. Methods and means of security]. (in Russian).

4. Ifinedo P. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security. 2012. vol. 31. no. 1. pp. 83-95.

5. Kazakov Yu.M., Leonov Yu.A., Fedorov V.E. Modeling rational schemes of basing of the workpiece in the solution of the problem of synthesis of individual technological processes. XI Mezhdunarodnaya nauchno-prakticheskaya konferentsiya "Mikhailo-Arkhangel'skie chteniya". 2016. pp. 203–235. (in Russian).

6. Tishchenko A.A., Kazakov Yu.M. The method of decision-making about the production of a new product in the initial stages of development at the marketing management approach. Vestnik Slavyanskikh vuzov: ezhegodnyi mezhdunarodnyi nauchno-prakticheskii zhurnal [Journal of Slavic universities: the annual international scientific-practical journal]. 2015. no. 4. pp. 127–130. (in Russian).

7. Averchenkov A.V., Fisun A.P. A multilevel model of personnel identification in the control system and access control at the enterprises of construction industry. Stroitel'stvo i rekonstruktsiya [Construction and reconstruction]. 2016. no. 2. pp. 56–64. (in Russian).

8. Tankard C. Advanced persistent threats and how to monitor and deter them. Network security. 2011. vol. 2011. no. 8. pp. 16-19.