Abstract

Information security auditing plays key role in providing any organization's good security level. By reason of high expenses of the audit process implementation, the automation of it through the development of the software may lead to a creation of a good alternative that will reduce costs, speed up the process of audit and improve its quality by the bringing it to compliance with international standards in information security. We suggest that fuzzy expert systems techniques can offer significant benefits when applied to this area. This paper presents some issues of the development of methodology and ontology for expert systems application concerning Information Security Audit (Expert System in Information Security Audit - ESISA).