查看文章

Several methodologies based on the international standard ISO/IEC 27001 have been developed for modelling information security management systems within higher education. This paper transformed the ISO/IEC 27001 standard into a questionnaire, which was sent digitally to about 100 universities in Bosnia and Herzegovina, and to the EU, Norway and the USA. The questions are arranged by levels, and the levels have their numerical weights, derived from individual questions in the levels themselves. Otherwise, the questions are asked with Yes or No and thus are reduced to binary variables. The rules necessary for the functioning of the system have been calculated. The fuzzy logic method represents a new approach to the problems of managing complex systems, which is very difficult to describe with a certain mathematical model, as well as in systems with a large number of inputs and outputs where there are unclear interactions. Risk assessment is a major part of the ISMS process. Traditional risk calculation models are based on the application of probability and classical set theory. Here, we have converted the risk assessment into a system rating of 5 to 10 numerically or from five to ten descriptively. We perform fuzzy optimization by finding the values of the input parameters of a complex simulated system, which results in the desired output. We use the fuzzy logic controller to execute fuzzy inference rules from the fuzzy rule database in determining congestion parameters, obtaining warning information and appropriate action. Simulating the situation of an advanced system that evaluates the protection quality of such a system with …