Development and Implementation of an Advanced Fuzzy Expert System for the Assessment of Information Security Risks

Barlybayev A. Turginbayeva A.
27 November 2025 Bon View Publishing Pte Ltd

Journal of Computational and Cognitive Engineering
2025 #4 Issue 4 570 - 580 pp.

This research paper describes an improved fuzzy expert system for assessing information security (IS) risks. More and more organizations are facing significant IS problems. These problems arise in protecting corporate information systems from these threats. Traditional IS risk assessment methodologies often have difficulties. Difficulties arise in eliminating ambiguity and uncertainty that are characteristic of these dynamic environments. This study presents a new approach using fuzzy logic. Fuzzy logic is used to accurately identify and evaluate the subtle intricacies of each IS risk factor. Using linguistic variables and fuzzy sets, the proposed system effectively reproduces the reasoning processes. This research paper delineates the formulation of an advanced fuzzy expert system aimed at enhancing IS risk assessments amidst the evolving complexity of cyber threats. By utilizing linguistic variables and fuzzy sets, the proposed system effectively replicates human-like reasoning processes. This allows for a flexible and dynamic framework for risk assessment. This methodology is characterized by the effective integration of both qualitative and quantitative data, resulting in a comprehensive risk assessment model. The usefulness of this model is validated by its application in learning management systems. The systems evaluated include Pla-tonus, SmartENU, Directum, MOOCENU, KPI, and a university website. Quantitative evaluations were conducted according to standards such as NIST 800-30, ISO/IEC 27001, BS 7799, and a proposed model, yielding scores that range from 0.205 to 0.998 across different criteria and systems. Correlation analysis between the standards and the expert-proposed model revealed high consistency, with correlation coefficients ranging from 0.994 to 0.996. These results underline the robustness of the proposed model in aligning closely with established IS standards and suggest its potential for broader application in IS risk assessment.

cybersecurity , decision-making , expert systems , fuzzy logic , information security risk assessment , risk management

Text of the article Перейти на текст статьи

Higher School of Information Technology and Engineering, Astana International University, Kazakhstan
Department of Computer and Software Engineering, L.N. Gumilyov Eurasian National University, Kazakhstan

Higher School of Information Technology and Engineering
Department of Computer and Software Engineering

10 лет помогаем публиковать статьи Международный издатель

Книга Публикация научной статьи Волощук 2026 Book Publication of a scientific article 2026