The paper provides an overview of publications devoted to the assessment methods of information security risks in various systems, including those with network structures and using cloud technologies. The authors propose the combined method using fuzzy logic and regression analysis, which allows solving the problem of assessing information security risk in conditions of uncertainty of the dependence of various parameters in complex information structures. It also allows you to identify the parameters on which the information security risk depends to a greater extent, and a list of parameters that you can ignore in the assessed situation.