The article proposes a method for assessing the risk of a possible stay of an automated special-purpose information system in a critical state, based on the synthesis of two heterogeneous mathematical models, one of which allows taking into account the intensity of DDOS attacks and the intensity of application processing, based on Markov processes, and the second is one of the forms of a formal description of protection systems, with complete overlap, in which the interaction of the "threat area", "protected area" is considered – areas of resources of an automated information system for special purposes, and "protection systems" – security mechanisms of an automated information system. The developed method makes it possible to simulate the information security tools included in the automated information system for special purposes, under the influence of DDOS attacks, taking into account both the empirical values obtained as a result of measurements or modeling, and the theoretical base of parameters specified by input data. In the synthesis of the two models, the lack of uncertainty of some of the input parameters, taking into account the values based on expert estimates, was eliminated.

Keywords: automated information system, security assessment, queuing system, risk