Application of the Fuzzy Set Method in the Information Security Audit Process
Abstract
Application of the Fuzzy Set Method in the Information Security Audit Process
Incoming article date: 17.02.2025The process of ensuring information security is inextricably linked with the assessment of compliance with the requirements. In the field of information protection, this process is called an information security audit. Currently, there are many international and domestic audit standards that describe various processes and methods for assessing compliance with requirements. One of the key drawbacks of these standards is the use of exclusively qualitative assessment without numerical calculations, which in turn does not allow making the procedure the most objective. The use of fuzzy logic allows providing the audit process with an appropriate quantitative assessment, while operating with understandable linguistic variables. The article analyzes existing standards and presents a conceptual model for applying the fuzzy set method in the process of information security audit.
Keywords: information security, information infrastructure, security audit, risk analysis, fuzzy sets, fuzzy logic