Instruments and Systems: Monitoring, Control, and Diagnostics. Annotation
Approaches to the Formation
of an Integrated Information Technology
Security System in an Organization
V.E. SOKOLOVSKY, E.V. GLINSKAYA,
M.A. BASARAB
The formation of an integrated information technology security system in organizations of various forms of ownership should be carried out in
accordance with regulatory requirements and best practices aimed, among other things, at identifying and evaluating (ranking) current threats to
information security. Identifying and ranking information security threats makes it possible to formulate and economically justify the
measures needed to reduce the likelihood of those threats and the related business risks that information security incidents pose to the
organization. The assessment of information security threats should be systematic and carried out both at the stage of creating an
information technology security system and during its operation, including during the development (modernization) of the organization's information
infrastructure. A systematic approach to assessing information technology security threats will make it possible to maintain an adequate and effective
protection system in the face of changing threats to the security of the organization's information and information resources. The paper considers
a risk-based approach to creating an integrated information technology security system in accordance with well-known models for providing
information technology security services and the logical-probabilistic method of I.A. Ryabinin. The method is based on the fundamental principles of
probability theory and the algebra of logic, which makes it possible to perform a mathematically sound ranking of information security threats based
on threat scenarios developed by the organization's information security experts. Applying I.A. Ryabinin's logical-probabilistic method makes it
possible to analyze information security threats fairly correctly and then determine the quality indicator of the integrated information technology
security system. The assessment (ranking) of information security threats allows the decision-maker to form a holistic picture of the risks
threatening the business interests of the organization, create a database and knowledge base for expert systems that support technical and other
decision-making, and justify measures to reduce negative consequences in the event of security threats in the organization's information infrastructure.
Keywords: information security, risk-based approach, service provision model, information security risk, information technology security,
information protection tool, logical and probabilistic method of I.A. Ryabinin.
DOI: 10.25791/pribor.12.2025.1640
Pp. 51-60.