| Title |
Standard-oriented architecture for AI-powered information security risk management |
| Authors |
Chalyi, Oleksii ; Driaunys, Kęstutis ; Grigaliūnas, Šarūnas ; Brūzgienė, Rasa |
| DOI |
10.3390/electronics15061282 |
| Is Part of |
Electronics. Basel : MDPI. 2026, vol. 15, iss. 6, art. no. 1282, p. 1-25. ISSN 2079-9292 |
| Keywords [eng] |
artificial intelligence ; cybersecurity ; information security ; international standards ; ISRM ; risk analysis ; risk management |
| Abstract [eng] |
This paper presents a standard-oriented architecture for automating information security risk management (ISRM) using artificial intelligence. The study first evaluates eight international frameworks (including COBIT 2019, NIST SP 800-53, and ISO 31000) for automation suitability, identifying ISO/IEC 27005 as the optimal structural foundation. Based on these findings, an architecture integrating Natural Language Processing and machine learning to automate risk identification, assessment, and treatment is proposed. A core component is a decision-making module that combines expert reasoning with a Multi-LLM consensus mechanism to ensure reliability. To provide exploratory support for the proposed architecture, a comparative study using five state-of-the-art Large Language Models (ChatGPT, Gemini Advanced, Grok, Microsoft Copilot, and DeepSeek Chat) was conducted on a standardized risk identification task. The results highlight strong cross-model consensus patterns, providing exploratory evidence that LLMs may support expert-informed risk identification and reasoning tasks while acknowledging the current limitations in complex reasoning. This approach proposes a transparent architectural foundation for AI-driven ISRM whose scalability must be established through future prototype-based evaluation, thereby bridging the gap between rigid compliance standards and generative AI capabilities. |
| Published |
Basel : MDPI |
| Type |
Journal article |
| Language |
English |
| Publication date |
2026 |