Security assessment based on attack graphs using NVD and MITRE ATT&CK database for heterogeneous infrastructures
Abstract
Introduction: Security assessment of modern information systems is a challenging task. These systems incorporate heterogeneous objects, things, subjects and the connections between them. They change continuously and generate a large number of events; as a result, the security state of the system is constantly changing.

Purpose: To develop an approach for security assessment of heterogeneous information systems.

Results: We develop and present an approach to security assessment. It incorporates data gathering from various sources, log preprocessing, security incident detection, mapping of the security incidents to the nodes of the attack graph, security assessment and forecasting, and representation of the results. The novelty of the proposed approach lies in the technique for mapping the detected incidents to the stages of targeted cyber attacks. This technique uses the Emerging Threats correlation rules to derive security incidents from the detected events. It also uses the Targeted Attack Analyzer (Indicators of Attack) rules, which describe security incidents (signatures) in the Sigma language, to map the detected security incidents to attack patterns from the MITRE ATT&CK database. Thus, the proposed technique allows one to map the detected events to attack graph nodes and to assess and forecast targeted cyber attacks. The attack graph is generated from MITRE ATT&CK attack patterns and vulnerabilities from the National Vulnerability Database. The approach is implemented in Python. A test environment is deployed to test the mapping of the detected security incidents to known attack patterns.

Practical relevance: The investigation results can be used in the construction of security assessment systems aimed at strengthening the cyber security of heterogeneous information systems.
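The pipeline the abstract describes (events, correlation rules, Sigma-style indicator rules with ATT&CK tags, attack graph nodes, forecasting) can be sketched end to end in a few dozen lines. The following Python is an added illustration written for this page; it is not the paper's implementation and not a real Emerging Threats or Sigma rule set. The events, both rule layers, the graph edges, the per-host vulnerability inventory and the `CVE-0000-0001` identifier are all constructed placeholders; the ATT&CK technique ids (T1110, T1078, T1059, T1021, T1068, T1486) are real identifiers used only to label graph nodes, and the edges between them are assumed for the example rather than taken from the paper.

```python
"""Toy event -> incident -> ATT&CK technique -> attack-graph forecast pipeline.
Everything below (events, rules, graph, vulnerability inventory) is constructed
for illustration and is not the paper's data or its rule sets."""
import re
from collections import defaultdict, deque

# Constructed raw events in an assumed log schema.
EVENTS = [
    {"host": "srv1", "type": "auth_fail", "src": "10.0.0.7"},
    {"host": "srv1", "type": "auth_fail", "src": "10.0.0.7"},
    {"host": "srv1", "type": "auth_fail", "src": "10.0.0.7"},
    {"host": "srv1", "type": "auth_ok", "src": "10.0.0.7"},
    {"host": "srv1", "type": "process", "image": "powershell.exe", "cmd": "-enc AAAA"},
    {"host": "srv2", "type": "auth_fail", "src": "10.0.0.9"},
]

# Layer 1: correlation rules (stand-in for Emerging Threats style rules).
# A rule raises one incident per key once `threshold` matching events are seen.
CORRELATION_RULES = [
    {"incident": "brute_force", "key": ("host", "src"), "threshold": 3,
     "match": lambda e: e["type"] == "auth_fail"},
    {"incident": "encoded_powershell", "key": ("host",), "threshold": 1,
     "match": lambda e: e.get("image") == "powershell.exe" and "-enc" in e.get("cmd", "")},
]

# Layer 2: Sigma-style indicator rules written as dicts instead of YAML.
# The `attack.tNNNN` tag convention is Sigma's; these rules are constructed.
SIGMA_RULES = [
    {"title": "Password guessing",
     "detection": {"selection": {"incident": "brute_force"}},
     "tags": ["attack.credential_access", "attack.t1110"]},
    {"title": "Encoded PowerShell",
     "detection": {"selection": {"incident": "encoded_powershell"}},
     "tags": ["attack.execution", "attack.t1059"]},
]

# Layer 3: constructed attack graph over ATT&CK technique ids. An edge may
# require a vulnerability (placeholder CVE id, not a real one) on the host.
ATTACK_GRAPH = {
    "T1110": [("T1078", None)],
    "T1078": [("T1059", None), ("T1021", None)],
    "T1059": [("T1068", "CVE-0000-0001")],
    "T1021": [("T1486", None)],
    "T1068": [("T1486", None)],
    "T1486": [],
}
# Constructed per-host vulnerability inventory (would come from NVD-based scan data).
HOST_VULNS = {"srv1": {"CVE-0000-0001"}, "srv2": set()}

TAG_RE = re.compile(r"^attack\.(t\d{4})$")


def correlate(events):
    """Apply correlation rules; return incidents as {incident, host} dicts."""
    counts = defaultdict(int)
    incidents = []
    for e in events:
        for rule in CORRELATION_RULES:
            if not rule["match"](e):
                continue
            key = (rule["incident"],) + tuple(e.get(k) for k in rule["key"])
            counts[key] += 1
            if counts[key] == rule["threshold"]:  # fire exactly once per key
                incidents.append({"incident": rule["incident"], "host": e["host"]})
    return incidents


def map_to_techniques(incidents):
    """Match incidents against Sigma-style selections; return {host: {technique}}."""
    observed = defaultdict(set)
    for inc in incidents:
        for rule in SIGMA_RULES:
            sel = rule["detection"]["selection"]
            if all(inc.get(k) == v for k, v in sel.items()):
                for tag in rule["tags"]:
                    m = TAG_RE.match(tag)
                    if m:
                        observed[inc["host"]].add(m.group(1).upper())
    return dict(observed)


def forecast(observed, graph=ATTACK_GRAPH, host_vulns=HOST_VULNS):
    """BFS from each host's observed techniques over edges whose vulnerability
    precondition the host satisfies; return the unobserved reachable stages."""
    result = {}
    for host, techs in observed.items():
        seen, queue = set(techs), deque(techs)
        while queue:
            for nxt, cve in graph.get(queue.popleft(), []):
                if cve is not None and cve not in host_vulns.get(host, set()):
                    continue  # this edge needs a vulnerability the host lacks
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        result[host] = sorted(seen - techs)
    return result


def assess(events):
    """Run all three layers and return (observed techniques, forecast)."""
    observed = map_to_techniques(correlate(events))
    return observed, forecast(observed)


if __name__ == "__main__":
    obs, fc = assess(EVENTS)
    print("observed:", obs)
    print("forecast:", fc)
```

Running it marks T1110 and T1059 as observed on `srv1` and forecasts T1078, T1021, T1068 and T1486 as the reachable next stages; the same observation on `srv2`, which lacks the placeholder vulnerability, forecasts nothing beyond T1059 because the only outgoing edge is gated on that CVE. This is the point of combining NVD data with the ATT&CK-derived graph: the forecast is pruned by what each host can actually be exploited for, not just by which technique was seen.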