Project Description: To determine the extent of the potential risk and threat associated with an IT application, an organization needs to perform a risk assessment on that application. To do so, the assessor must obtain detailed information about each application's business purpose and the kind of data it processes and stores.
This project is an expert system capable of categorizing the organization's IT applications and segregating them by potential security risk into critical, high, medium, or low risk. The system will give each application an overall risk rating based on easy-to-understand questions, to help the organization in its mission of securing its existing and all upcoming applications. The knowledge base for this expert system will be acquired from two sources: the developer's personal industry expertise, gained from implementing and maintaining an Information Security Management System (ISMS), and the work of others, following the best information security and risk standards such as ISO 27001, COBIT, and NIST as guidelines for the implementation and for determining the level of potential risk each application poses to the organization.