This paper provides a brief overview and analysis of the most commonly used methods for assessing information security risks in various complex systems. These methods involve creating specific models that help assess, manage, and predict the possible occurrence of adverse situations related to information security. They support decisions aimed at minimizing the potential damage that could result from external attacks on information resources or from other threats that exploit existing vulnerabilities. However, they provide an acceptable risk assessment result in conditions where it is possible to quantify the parameters on which the risk depends. In conditions of high uncertainty, for example when determining the dependence of risk on subjective factors, the use of these methods can lead to large errors. As a rule, risk assessment is associated with a high degree of uncertainty in parameter values and in their mutual influence on the information security risk level. The method proposed by the authors, based on the combined use of fuzzy logic and regression analysis, makes it possible to assess information security risk under conditions of uncertainty in complex information systems with a network structure. This method also makes it possible to identify the parameters that most influence the risk level, which in turn enables the protection of information resources while optimizing the cost of implementing an effective protection system. Using this method, and based on the predicted risk level values, measures to improve the level of information system protection can be planned for both the short and long term.