Development and Implementation of an Advanced Fuzzy Expert System for the Assessment of Information Security Risks
DOI:
https://doi.org/10.47852/bonviewJCCE52024683
Keywords:
fuzzy logic, information security risk assessment, cybersecurity, expert systems, decision-making, risk management
Abstract
This research paper describes an improved fuzzy expert system for assessing information security (IS) risks, aimed at enhancing IS risk assessments amidst the evolving complexity of cyber threats. More and more organizations face significant IS problems in protecting corporate information systems from these threats. Traditional IS risk assessment methodologies often have difficulty eliminating the ambiguity and uncertainty that are characteristic of these dynamic environments. This study presents a new approach that uses fuzzy logic to accurately identify and evaluate the subtle intricacies of each IS risk factor. By utilizing linguistic variables and fuzzy sets, the proposed system effectively replicates human-like reasoning processes, which allows for a flexible and dynamic framework for risk assessment. The methodology is characterized by the effective integration of both qualitative and quantitative data, resulting in a comprehensive risk assessment model. The usefulness of this model is validated by its application in learning management systems. The systems evaluated include Platonus, SmartENU, Directum, MOOCENU, KPI, and a university website. Quantitative evaluations were conducted according to standards such as NIST 800-30, ISO/IEC 27001, BS 7799, and a proposed model, yielding scores that range from 0.205 to 0.998 across different criteria and systems. Correlation analysis between the standards and the expert-proposed model revealed high consistency, with correlation coefficients ranging from 0.994 to 0.996. These results underline the robustness of the proposed model in aligning closely with established IS standards and suggest its potential for broader application in IS risk assessment.
Received: 30 October 2024 | Revised: 17 February 2025 | Accepted: 10 March 2025
Conflicts of Interest
The authors declare that they have no conflicts of interest to this work.
Data Availability Statement
Data are available from the corresponding author upon reasonable request.
Author Contribution Statement
Alibek Barlybayev: Conceptualization, Methodology, Validation, Formal analysis, Investigation, Resources, Data curation, Writing – original draft, Writing – review & editing, Supervision, Project administration, Funding acquisition. Alua Turginbayeva: Methodology, Software, Validation, Resources, Data curation, Visualization.
License
Copyright (c) 2025 Authors

This work is licensed under a Creative Commons Attribution 4.0 International License.
Funding data
Ministry of Education and Science of the Republic of Kazakhstan
Grant numbers AP19174390