Module for expected losses assessing in the information security risk management system of a construction company

Authors

DOI:

https://doi.org/10.32347/2707-501x.2022.50(1).81-92

Keywords:

BIM technology, BIM model, corporate information system for building lifecycle management (CIS LM), risk management system, information asset (IA), information security threat, expected losses, aggregated and comprehensive losses assessment, expert assessment

Abstract

The article examines the problem of effectively assessing the losses a construction company can expect when information security threats materialize, and proposes a partial solution. It is suggested to improve the capabilities of the respective module of the risk management system, which provides the user with a human-machine toolkit for expert assessment of expected losses. The toolkit consists of several stages and takes into account the most effective evaluation scenario under the existing situational decision-making conditions. To ensure the operation of the module, the informational and logical connections between the evaluation stages are defined, and the apparatus for forming various evaluation scenarios is designed. In addition, to increase the accuracy of the results and the flexibility of the proposed algorithm, a user with the appropriate role can select the evaluation scenario. Since the paper considers a multi-criteria evaluation problem, the hierarchy of criteria is formalized and the weight of their influence on the calculation results is taken into account. The logical-mathematical apparatus also accounts for the possibility that various types of threats are realized against various information assets (IA) of the enterprise. The consequences of information security threats can be assessed at different levels, general and distributed, taking into account indicators such as violations of the confidentiality, integrity and availability of information. The logical-mathematical apparatus was developed using the methods of direct expert evaluation, the analytic hierarchy process (AHP), Delphi, linear convolution of criteria, and probabilistic modeling. A qualitative-quantitative scale is used to formalize expert judgments. The roles of experts necessary for effective evaluation have been defined. Experts' assessments are summarized with control of the adequacy of the degree of logic and of the dispersion of each expert's opinions, in accordance with the established requirements for the degree of agreement within a group of experts. The competence of the experts is also taken into account during assessment.
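The abstract names AHP criteria weighting, competence-weighted expert aggregation with dispersion control, and linear convolution of criteria. The sketch below is an added illustration of how those pieces combine for one threat against one information asset; it is not the authors' module. The function names, the 0..1 loss scale, the 0.30 variation limit and all sample values are assumptions constructed for the example; the 0.10 consistency-ratio limit is Saaty's usual AHP threshold.

```python
import math

RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random index by matrix order

def ahp_weights(matrix):
    """Criteria weights (row geometric mean) and consistency ratio of a pairwise matrix."""
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    w = [g / sum(gm) for g in gm]
    # lambda_max estimated as the mean of (A w)_i / w_i
    lam = sum(sum(a * wj for a, wj in zip(row, w)) / wi
              for row, wi in zip(matrix, w)) / n
    return w, ((lam - n) / (n - 1)) / RANDOM_INDEX[n]

def aggregate_experts(scores, competence, max_cv=0.30):
    """Competence-weighted mean; rejects the round if opinions are too dispersed."""
    total = sum(competence)
    mean = sum(s * c for s, c in zip(scores, competence)) / total
    var = sum(c * (s - mean) ** 2 for s, c in zip(scores, competence)) / total
    cv = math.sqrt(var) / mean if mean else 0.0
    if cv > max_cv:  # assumed agreement requirement (coefficient of variation)
        raise ValueError(f"experts disagree (CV={cv:.2f}); repeat the survey round")
    return mean

def expected_loss_score(pairwise, expert_scores, competence):
    """Linear convolution: sum of criterion weight times aggregated expert score."""
    weights, cr = ahp_weights(pairwise)
    if cr > 0.10:
        raise ValueError(f"pairwise judgments inconsistent (CR={cr:.2f})")
    per_criterion = [aggregate_experts(s, competence) for s in expert_scores]
    return sum(w * x for w, x in zip(weights, per_criterion))

# Constructed sample: criteria are confidentiality, integrity, availability.
PAIRWISE = [[1, 1/2, 1/3],
            [2, 1,   1/2],
            [3, 2,   1]]
COMPETENCE = [0.9, 0.7, 0.5]            # one coefficient per expert
SCORES = [[0.4, 0.5, 0.4],              # confidentiality loss, per expert
          [0.7, 0.8, 0.7],              # integrity loss
          [0.6, 0.6, 0.7]]              # availability loss

if __name__ == "__main__":
    print(round(expected_loss_score(PAIRWISE, SCORES, COMPETENCE), 3))
```
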

Published

2022-11-11

How to Cite

Izmailova, O., Krasovska, H., & Krasovska, K. (2022). Module for expected losses assessing in the information security risk management system of a construction company. Ways to Improve Construction Efficiency, 1(50), 81–92. https://doi.org/10.32347/2707-501x.2022.50(1).81-92