The relevance of the study is due to the need to increase the effectiveness of information security risk management in logistics service systems by developing and practical implementation of a mechanism for their assessment and management, taking into account the cause-and-effect relationships between vulnerabilities and threats and the impact of their consequences on the functioning of transport systems. The purpose of the article is to systematize and improve approaches to assessing information security risks in transport logistics systems by developing and practical implementation of a risk management mechanism in transport service systems, which is based on establishing cause-and-effect relationships between vulnerabilities and threats, assessing the probability of their occurrence and the level of consequences, as well as forming justified response measures based on a matrix approach. The article considers theoretical and methodological aspects of assessing information security risks in logistics service systems, approaches to their systematization by levels of probability and consequences, as well as the features of establishing cause-and-effect relationships between vulnerabilities and threats. A mechanism for managing information security risks in logistics service systems is proposed, which is based on a categorical model of relationships between threats and vulnerabilities, involves the use of a matrix of consequences for assessing risks and developing justified measures to minimize them, and is also tested on the example of a transport enterprise. Based on the results of the assessment, the distribution of risks by significance levels is determined and response measures are developed. The effectiveness of the proposed approach is confirmed by the consistency of expert assessments and the improvement of the integral indicator of risk management effectiveness
Dobrovolska et al. (Tue,) studied this question.