Data-driven Security Assessments for Predicting Information Security Maturity Levels

Bibliographic Details
Published in: Journal of internet services and information security Vol. 15; no. 2; pp. 906 - 925
Main Authors: Muhammad, Alva Hendi, Hanafi, Hanafi, Ari Yuana, Kumara, Ghozali, Bahrun, Haris, Ruby
Format: Journal Article
Language: English
Published: 30.05.2025
ISSN: 2182-2069, 2182-2077
Description
Summary: This study investigates the use of machine learning to improve Information Security Risk Assessment (ISRA), with a particular emphasis on the KAMI framework, which is adapted from ISO 27001. It compares the performance of conventional machine learning algorithms, such as Logistic Regression, Random Forest, Decision Tree, and Support Vector Machine, with advanced boosting methods, including CatBoost, Gradient Boosting, LightGBM, and XGBoost. Findings reveal that boosting models outperform traditional classifiers, with CatBoost achieving the highest accuracy (98.45%) and balanced evaluation metrics, demonstrating strong capabilities in managing complex and imbalanced datasets. The integration of machine learning into the KAMI framework effectively addresses key cybersecurity challenges, including the analysis of unstructured data and the expansion of assessment coverage. This research highlights the practical benefits for organizations and technology providers by showing how ML-powered tools can streamline risk assessments, enhance strategic decision-making, and strengthen cybersecurity resilience. By aligning with global standards and utilizing AI, the study contributes to the advancement of efficient and scalable ISRA methodologies, paving the way for future innovation at the intersection of machine learning and cybersecurity.
DOI: 10.58346/JISIS.2025.I2.060