In the context of a rapid increase in the number and complexity of cyberattacks, the need for an objective and timely assessment of information security risks is becoming increasingly critical.
The aim of this study is to develop and validate a methodology for automated risk assessment aimed at improving the accuracy, reproducibility, and efficiency of threat analysis in corporate and governmental information systems.
The methodological framework of the research combines quantitative and qualitative approaches based on international standards and models such as ISO/IEC 27005, NIST SP 800-30, and FAIR. The study employs automated monitoring and vulnerability testing systems (OpenVAS, Zabbix, Metasploit, and RiskWatch). For statistical validation of the results, the Monte Carlo method was applied in Python 3.12 (NumPy, Pandas, SciPy).
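The abstract names FAIR and Monte Carlo simulation as the quantitative core of the methodology but does not show the computation. The following is an added illustration, not code from the paper or its authors: a FAIR-style simulation in which loss event frequency and per-event loss magnitude are each given as expert-elicited triangular ranges, a year is simulated by drawing a Poisson number of loss events, and the resulting distribution yields the annualized loss expectancy (ALE) and tail percentiles. It uses only the Python standard library rather than the NumPy/SciPy stack named in the abstract, so it runs without dependencies; the scenario values and the "MFA control" variant are constructed placeholders, not figures from the study.

```python
import math
import random
import statistics

# Constructed FAIR-style scenario (illustrative values, not from the paper).
# Each factor is a (low, mode, high) triangular range elicited from experts:
#   lef  : loss event frequency, events per year
#   loss : loss magnitude per event, in currency units
SCENARIO_BASELINE = {
    "name": "phishing-led credential compromise (constructed)",
    "lef": (0.5, 2.0, 6.0),
    "loss": (20_000.0, 80_000.0, 400_000.0),
}
# The same scenario after a hypothetical control (MFA) that lowers the event frequency.
SCENARIO_WITH_CONTROL = {
    "name": "same scenario with MFA control (constructed)",
    "lef": (0.1, 0.5, 1.5),
    "loss": (20_000.0, 80_000.0, 400_000.0),
}


def sample_triangular(rng, low, mode, high):
    """Draw one value from a triangular distribution given as (low, mode, high)."""
    # random.Random.triangular takes its arguments in the order (low, high, mode)
    return rng.triangular(low, high, mode)


def poisson_sample(rng, lam):
    """Knuth's algorithm: number of loss events in one year given mean rate lam."""
    if lam <= 0:
        return 0
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_loss(scenario, n_trials=20_000, seed=2024):
    """Monte Carlo: simulate one year per trial and return the list of annual losses."""
    rng = random.Random(seed)  # a fixed seed makes the run reproducible
    annual_losses = []
    for _ in range(n_trials):
        lef = sample_triangular(rng, *scenario["lef"])
        n_events = poisson_sample(rng, lef)
        total = 0.0
        for _ in range(n_events):
            total += sample_triangular(rng, *scenario["loss"])
        annual_losses.append(total)
    return annual_losses


def summarize(annual_losses):
    """Annualized loss expectancy (mean) plus tail percentiles for the risk register."""
    ordered = sorted(annual_losses)
    n = len(ordered)

    def percentile(q):
        return ordered[min(n - 1, int(q * n))]

    return {
        "ale": statistics.fmean(ordered),
        "p50": percentile(0.50),
        "p90": percentile(0.90),
        "p95": percentile(0.95),
        "max": ordered[-1],
    }


def compare(baseline, with_control, n_trials=20_000, seed=2024):
    """Return the loss summary before and after a control plus the ALE reduction."""
    before = summarize(simulate_annual_loss(baseline, n_trials, seed))
    after = summarize(simulate_annual_loss(with_control, n_trials, seed))
    return {"before": before, "after": after, "ale_reduction": before["ale"] - after["ale"]}


if __name__ == "__main__":
    result = compare(SCENARIO_BASELINE, SCENARIO_WITH_CONTROL)
    for label in ("before", "after"):
        s = result[label]
        print(f"{label:>6}: ALE={s['ale']:>12,.0f}  p50={s['p50']:>12,.0f}  "
              f"p90={s['p90']:>12,.0f}  p95={s['p95']:>12,.0f}  max={s['max']:>12,.0f}")
    print(f"ALE reduction attributable to the control: {result['ale_reduction']:,.0f} per year")
```

Because the seed is fixed, two analysts running the same scenario obtain identical figures, which is the reproducibility property the abstract emphasizes; the p90/p95 columns are what a risk register should carry alongside the mean, since the ALE alone hides the tail that drives control investment decisions.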
The scientific novelty of this work lies in an integrated risk assessment model that unites monitoring tools and mathematical modeling methods in a single analytical system. Its practical significance is that the proposed methodology can be implemented in corporate GRC and SIEM systems for continuous monitoring and adaptive risk management, and can also be applied in educational and research activities for training specialists in cybersecurity and digital risk management.
https://orcid.org/0009-0003-1594-4012