Abstract: The human factor is considered in the work from the point of view of threat of influence on information security problems. A review of the expert assessment of security threats over different years showed that the growing influence of the human factor is increasing all the time. The article outlines a number of security threats that are most affected by the human factor, which occupy leading positions in general statistics. The method of calculating the influence of the human factor on the main characteristics of information security threats is given: probability and criticality. The study was based on work with the probability of occurrence and criticality of unrelated threats to information security with the presence of the human factor. The paper reviews the expert assessment of information security threats, which consisted in identifying the most likely and critical threats to information security with the presence of a human factor. The above method of calculating the impact of the human factor on information security threats helps to understand how critical the impact of the human factor is, to clearly distinguish its influence and to trace the level of its impact, which is absent in most modern threat assessment methods due to the consideration of information security threats in general, without taking into account one or another factor .

Abstract: The majority of modern risk evaluation and management methods imply the concept of residual risk as a figure describing the risk of a threat after all countermeasures have been implemented, however, researchers do not pay enough attention thereto. In this research the authors offer their algorithm allowing to represent the residual risk of information security threats in a form of a mathematical model which in its turn creates opportunities for a more detailed analysis of a parameter under review and the model itself. Coefficients of this model demonstrate the impact of input parameters on the final result. The algorithm of the residual risk mathematical model is based on a complete factorial experiment taking into account peculiarities of a parameter under review. This approach allows to analyze the role of residual risk not only as a figure but also mathematical model which can help to better imply residual risk when implementing risk evaluation and management methods in order to improve an information protection system at an enterprise.