Document Type : Research Paper

Authors

1 M.Sc. from Alzahra University , Tehran, Iran

2 Department of Management, Faculty of Social Sciences and Economics, Alzahra University, Tehran, Iran Corresponding Author: m.ranjbarfard@alzahra.ac.ir

3 lecturer at Alzahra University

10.22054/ims.2024.76541.2401

Abstract

In this research, an expert system was designed and implemented based on the ISO/ICE27001 standard. In order to create the knowledge base of this expert system, control goals and criteria for evaluating these goals were extracted based on the ISO/ICE27001 standard, and the necessary information was collected to define the rules. Then, the approach of creating rules as well as the rules were confirmed through interviews with experts. The control objectives and evaluation criteria of the control objectives were using the Dematel technique along with the Dalala formula and WASPA method. In the next stage, the five main security objectives were chosen to continue the work due to their emphasis in the research literature. The specified goals were reviewed and confirmed during face-to-face interviews with experts. After designing the expert system, Visual Basic was used to implement the user interface and Excel 2016 was used for inference. The designed system is able to calculate the information security score according to the standard and also is able to calculate the information security score by applying the weight of the control objectives, the evaluation criteria of the control objectives and the percentage of realization of the main objectives of the information security. The resulted score is shown in three levels of critical status, average status and very good status to the user. Results of the system implementation in two Iranian organizations showed that the system with an average accuracy of 95% has the necessary accuracy and efficiency to evaluate information security.

Keywords

Main Subjects