Instruments and Systems: Monitoring, Control, and Diagnostics Annotation << Back Information Security Risk Analysis and Assessment of the Effectiveness of Security Systems at the Enterprise A.B. SHUKENBAEV, A.S. LAMZIN, N.SH. SHUKENBAEVA, V.V. LEBEDEV The article provides examples of using the CORAS methodology to model threats, scenarios of information security incidents and vulnerabilities in an enterprise [1]. The results obtained make it possible to identify the most critical risks, assess the economic effect of implementing protection measures, and formulate practical recommendations for improving the security of an enterprise's corporate information resources. Keywords: Information security (IS), risk management, IS risk analysis, CORAS, threats and vulnerabilities, risk assessment, residual risk, effectiveness of protection measures, personal data, maturity of IS processes, DDoS attacks. DOI: 10.25791/pribor.3.2026.1661 Pp. 58-70.