Industrial Automatic Control Systems and Controllers Annotation << Back Quantitative Parameters for Assessing the Level of Information Security of Financial Institutions Yu.Yu. Festa, I.A. Vorobyev Information security risk event can be interpreted as bank losses associated with imperfect security systems: vulnerability to DDoS attacks, virus infections, imperfection of fraud monitoring systems. The draft regulation of the Central Bank of the Russian Federation on the operational risk management system in a credit institution and a banking group involves taking into account the component of this risk in calculating the amount of capital to cover losses. The relationship between the quality of fraud monitoring models and the costs associated with reimbursing these losses, as well as an increase in the amount of capital to cover operational risks, can be expressed in a matrix of errors in the classification of machine learning algorithms. This article provides a brief overview of the laws and regulations governing the use of anti-fraud systems and notifying the regulator about events of the corresponding risk. Existing high-level metrics for managing and quantifying the risk of cyber fraud are considered. The obvious shortcomings of these metrics are pointed out and examples are provided to indicate that they cannot be misunderstood by organizations. It is proposed to introduce a new indicator that corrects these quantitative parameters of the assessment. Keywords: risks; information security; quantitative assessment; model quality; fraud. DOI: 10.25791/asu.9.2021.1310 Pp. 30-40.