Skip to the main content

Original scientific paper

https://doi.org/10.17559/TV-20200721154801

Modelling of Fuzzy Expert System for an Assessment of Security Information Management System UIS (University Information System)

Ljilja Sikman orcid id orcid.org/0000-0001-6019-8133 ; University of Banja Luka, Bosnia and Herzegovina
Tihomir Latinovic* orcid id orcid.org/0000-0003-3682-6464 ; University of Banja Luka, Bosnia and Herzegovina
Nermin Sarajlic orcid id orcid.org/0000-0001-8004-3358 ; University of Tuzla, Bosnia and Herzegovina


Full text: english pdf 1.159 Kb

page 60-65

downloads: 747

cite


Abstract

Several methodologies based on the international standard ISO/IEC 27001 have been developed for modelling information security management systems within higher education. This paper transformed the ISO/IEC 27001 standard into a questionnaire, which was sent digitally to about 100 universities in Bosnia and Herzegovina, and to the EU, Norway and the USA. The questions are arranged by levels, and the levels have their numerical weights, derived from individual questions in the levels themselves. Otherwise, the questions are asked with Yes or No and thus are reduced to binary variables. The rules necessary for the functioning of the system have been calculated. The fuzzy logic method represents a new approach to the problems of managing complex systems, which is very difficult to describe with a certain mathematical model, as well as in systems with a large number of inputs and outputs where there are unclear interactions. Risk assessment is a major part of the ISMS process. Traditional risk calculation models are based on the application of probability and classical set theory. Here, we have converted the risk assessment into a system rating of 5 to 10 numerically or from five to ten descriptively. We perform fuzzy optimization by finding the values of the input parameters of a complex simulated system, which results in the desired output. We use the fuzzy logic controller to execute fuzzy inference rules from the fuzzy rule database in determining congestion parameters, obtaining warning information and appropriate action. Simulating the situation of an advanced system that evaluates the protection quality of such a system with fuzzy logic, we use MATLAB. The paper combines the original Visual Basic programming language and MATLAB's Fuzzy Toolbox, to solve the complex problem of assessing compliance with the ISO/IEC 27001 standard, as one of the main standards for information systems security modelling. University information systems were used, but it is also applicable to all other information systems. The evaluation has been done for several universities and it has been proven that the system evaluates correctly, but these universities must not be publicly named. There was no such approach in the use of fuzzy logic and on such systems, and that is the originality of this work.

Keywords

fuzzy; expert systems; ISO/IEC 27001; ISMS (information security management system); risk

Hrčak ID:

269483

URI

https://hrcak.srce.hr/269483

Publication date:

15.2.2022.

Visits: 1.916 *