Most works on the analysis of risk management problems in complex systems offer solutions based on the assumption of independence of risk-reducing control actions. At the same time, in practice, control actions on a particular risk factor can indirectly affect other factors as well. As a result, the assessment of the impact of a particular action on the overall risk can be distorted. Therefore, it is necessary to develop methods for selecting control actions that consider the interdependence of risk factors. This paper considers a three-level risk management model for the protected system. The model includes risk factors with their mutual influence, local risks induced by them, and a method of aggregation of local risks into an indicator characterising the risk of the system as a whole, that is, integral risk. Based on the model, we made conclusions about the possible principles of building an algorithm to identify the set of acceptable risk-reducing control actions.