The tasks of ensuring the reliability and security of a software system, managing risk and organizing risks are important. The purpose of the developed software system was to identify, evaluate and neutralize the risks of information and automated systems. Ensuring the confidentiality of the information stored in the system, including historical data on errors and risks of the systems, plays an important role. Considering the importance of protecting this system from risks of information security, studies have been conducted using the method of protection from DDoS attacks and management of risks. Approaches are based on the adaptation of certain methods to assess the risks of software systems, help reduce risks by using risk mitigation and assessment strategies based on collected historical data on risk reduction. The study assembled a network of virtual machines. Machines performed various tasks. The first machine was a server analyzing the amount of incoming traffic. The second machine - served as the target server. The third machine performed the task of the attacker and it attacked the second machine. The main purpose of the article is to present the results of reducing information security risks, namely, distributed attacks on the developed software system.