The paper presents the analysis of national and foreign literature on the methods of cybersecurity risk assessment including critical infrastructure facilities. It is stated that cybersecurity and risk assessment are an important issue of critical infrastructure facilities. The paper proposes graphical and analytical methods for assessing the total cybersecurity risk of I&C systems including critical infrastructure facilities. These total risk assessment methods are based on determining the maximum values of consequences for each risk. It is shown that the maximum values of cyber threat effects can be determined by expert means, as the maximum losses that can be caused to the company assets. The proposed methods make it possible to determine the total cybersecurity risk of critical infrastructure, the total losses due to multiple cyber threats, the total losses due to a single cyber threat for a certain period of time, the likelihood of maximum losses due to multiple cyber threats. There are the advantages of these methods for assessing total risk. Based on the proposed methods, it is possible to develop a methodology for assessing the cybersecurity risks of I&C systems including critical infrastructure facilities, and build decision support systems for the application of risk reduction measures. The economic feasibility of applying these or other risk treatment measures, both organizational and technical, is defined by evaluating the cost of such measures with the maximum amount of losses due to the total risk.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.