Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems

While there are many frameworks that help users with Governance, Risk, and Compliance (GRC), we know of none that actually tries to automate the process by using multi-agent systems. The Team of Systems’ Architecture proposes an integrated IT GRC architecture for high-level IT GRC management. This article focuses on the IT risk topic and presents a new approach for a multi-agent expert system, in which IT GRC managers can intelligently specify IT needs in line with strategic directives through a questionnaire about specific business goals. The key element that differentiates this research from previous work is that none of the earlier approaches is based on a multi-agent system. The system was verified on a concrete example. Future work consists of realizing a practical example of the proposed subsystem on real company systems that are involved in the research, in order to overcome obstacles and achieve IT organization objectives.

General Terms: Security risk assessment, risk management system, information system
