This research investigates whether the implicit and explicit knowledge of cybersecurity professionals can be used to help small and medium-sized businesses (SMEs) assess the level of security of their information and knowledge systems. The proposed strategy is built on a dominance-based rough set approach and consists of two primary stages. The first stage constructs a set of criteria and preference models, guided by seasoned security specialists, in order to generate three ordered decision classes. The second stage validates this preference model with test data. Forty-three SMEs and 15 cybersecurity specialists participated in testing the method. With this method, firm managers are able to better anticipate cybersecurity risks, provide a comprehensive review of information system security, and reduce the likelihood of cyberattacks.
Saad et al. studied this question.