Design and Implementation of a Comprehensive Information Security Risk Management Tool based on Multi-agents Systems

Abstract

While there are many framework that help users in Governance, Risk, and Compliance (GRC), we know of none which actually try to automate the process by using multi agent systems. The Team of Systems’ Architecture proposes an integrated IT GRC architecture for a high level IT GRC management. This article focuses on IT Risk topic and presents a new approach for a multi-agent expert system, where managers of IT GRC can in an intelligent manner specify the IT needs following the strategic directives through a questionnaire about specific business goals. The key element that differentiates this research from the previous ones is that none of them are based on multi-agents system. The system was verified on concrete example. Future works consists on realizing a practical example of the proposed subsystem on real company systems that are involved in the research in order to overcomes obstacles and achieve IT organization objectives. General Terms Security risk assessment, risk management system, information system