Statement of the problem - the number of information systems for various purposes is growing every year. One of obligatory stages of formation of requirements to protection of information contained in the information system is the identification of relevant threats to information security, the implementation of which may lead to violation of information security in the information system, and development on this basis of model of threats of information security, including a description of possible vulnerabilities used in the information system software.
The FSTEC of Russia maintains a database of security threats to information containing the list of threats to the security of information and information about software vulnerabilities. To date information about the threats to the security of information in the data Bank, there are formed separately from information about the vulnerability, the search for threats to information security, relevant to a particular information system, the database must be done manually, which is a very time consuming task, depending on the scale of the information system. To automate the procedure of obtaining information relevant to information systems threats to information security on the basis of the data about the vulnerabilities of the software that is part of the information system, it is proposed to use the apparatus of neural networks. As input data for training neural networks is proposed to use information about the software vulnerabilities accumulated in the data Bank. As a result of the work performed has been successfully tested the proposed method to identify relevant for information system threats of information security on the basis of information about software vulnerabilities. Empirically determined the optimal topology of a neural network. Developed a prototype software product that solves the problem of establishing links between threats to information security and software vulnerabilities in the data security threats information. Suggested promising directions of development in the subject area: applied neural networks, the improvement of their topologies, as well as the development and further improvement of procedures of their learning.