ISSN 2630-0583 (Print)

ISSN 2630-0656 (Online)


Journal of Current Science and Technology

Journal of Current Science and Technology. Vol.8 No.1 , January - June 2018.

Fuzzy rule-based risk management under ISO/IEC27001:2013 standard for information security

Pichit Boonkrong and Chuleekorn Nuansomsri


This paper aims to identify, assess and offer management guideline of operational risk on information and communication technology (ICT) under ISO/IEC 27001:2013 standard using Mamdani fuzzy model-based management. Qualitative research methodology and research standard questionnaires were employed for collecting data from 21 surveyees related to ICT fields in January 2017. The fuzzy logic-based risk matrices were used in risk assessment. The uncertainties and imprecision of the complex risk management are better described by fuzzy rule-based reasoning. From the case study, the results show that the risk on ICT has high levels in five criteria including security policy for information, information security related to personnel, physical and environmental security, management in information security and organizational continuity management. Guidelines on risk management are also introduced as an integral part of good management.

Keywords: fuzzy set, IEC, information security, ISO, Mamdani fuzzy model, risk management

Download Full Paper.