Fuzzy Expert System of Information Security Risk Assessment on the Example of Analysis Learning Management Systems

The rapid development and application of new digital technologies has, on the one hand, opened up new opportunities for more efficient management of technological and business processes. On the other hand, this leads to a significant increase in security threats, increasing the vulnerability of businesses and organisations to cybercriminals. In recent years, the rapid growth of incidents of various kinds has shown that traditional approaches to information security (IS) are insufficient. Consequently, software product information security risk assessment has become an important task for most organisations. Several models have been proposed to help different enterprises deal with the challenges of building information security. This paper proposes a new hierarchical structured model for information security risk assessment using fuzzy logic. A new method for information security risk assessment of software is also described using the example of automated control systems or enterprise resource planning (ERP) systems (using learning management systems as an example). The proposed new risk assessment model has been software implemented using fuzzy logic in the form of 15 fuzzy machines. In a series of experiments, we have scrutinised the information security risk assessment of various software products. The proposed method should solve the problem of flexible risk assessment.