Expert system applications for industry specific information security challenges

The paper addresses the task of studying the parameters of a corporate information security audit. It proposes an expert system database architecture based on the national information security standards and various sectoral requirements. The standards are used to propose ways to populate the expert system’s database and the system’s modus operandi. It describes the distinctive features of expert system database population in compliance with sectoral requirements, which must provide for some questions and knowledge to be available in the database, which calls for vetting of the system’s database content for a specific industry. A user interface algorithm can be used in the context of data security assessment to identify an industry-specific component, which makes it possible to quantify risks and develop recommendations to secure the information system. It also proposes an inference engine design.