<![CDATA[The pace and complexity of modern cyber-attacks expose the limits of traditional ‘impact × likelihood’ risk matrices, which compress uncertainty into coarse categories and miss inter-dependent threat dynamics. We propose a three-layer multi-fuzzy inference system (MFIS) that models general infrastructure vulnerabilities and access-control weaknesses separately, then fuses them into a single, continuous 0-25 risk score. The framework was validated on three representative scenarios—catastrophic/continuous, serious/frequent, and minor/few attacks—encompassing sixteen threat criteria. Compared with a crisp 5 × 5 matrix, MFIS cut mean-absolute error and root-mean-square error by 90 to 99% and reproduced expert-panel judgments to within 0.55 points across all scenarios. Nine independent practitioners rated the prototype highly on usability (100% agreement), credibility (100%) and actionability (100%), with 78% willing to recommend adoption. These results demonstrate that MFIS delivers fine-grained, expert-aligned assessments without adding operational complexity, making it a viable drop-in replacement for time- or resource-constrained organizations. By capturing partial memberships and cross-domain interactions, MFIS offers a more faithful, adaptive and explainable basis for prioritizing cyber-defense investments and can be extended to emerging threat domains with modest rule-base updates.]]>
Copyrights © 2025
