Maher Mohamed Gamal, Dr. Bahaa Hasan & Dr. Abdel Fatah Hegazy
International Journal of Computer Science and Security (IJCSS), Volume (4) : Issue (6)

A Security Analysis Framework Powered by an Expert System

Maher Mohamed Gamal
mahergamal@gmail.com
Computer Science
Arab Academy of Science, Technology and Maritime Transport
Cairo, Egypt

Dr. Bahaa Hasan
bahaa.hasan@asc-egypt.org
Chairman & CEO of Arab Security Consultants (ASC)
Cairo, Egypt

Dr. Abdel Fatah Hegazy
ahegazy@aast.edu
Computer Science
Arab Academy of Science, Technology and Maritime Transport
Cairo, Egypt

Abstract

Today's IT systems are facing a major challenge in confronting the fast rate of emerging security threats. Although many security tools are being employed within organizations in order to stand up to these threats, the information they reveal falls short of providing a rich understanding of the consequences of the discovered vulnerabilities. We believe expert systems can play an important role in capturing security expertise from various sources in order to provide the informative deductions we are looking for from the supplied inputs. Throughout this research effort, we have built the Open Security Knowledge Engineered (OpenSKE) framework¹, which is a security analysis framework built around an expert system in order to reason over the security information collected from external sources. Our implementation has been published online in order to facilitate and encourage online collaboration to increase the practical research within the field of security analysis.

Keywords: Security Analysis, Expert System, Vulnerability Analysis, Security Framework, Attacks.

1. INTRODUCTION

Almost any organization today will probably need to benefit from the productivity that computers bring to many applications within the organization's field.
Unfortunately, with this productivity comes a great risk of computer security attacks due to any existing vulnerable or misconfigured software. This has led organizations today to leverage various security tools in order to keep up with the continuous threats to their valuable assets and services. Various security tools such as port scanners, anti-viruses, intrusion detection systems and similar programs have all proved their usefulness by providing network administrators with the information necessary to identify their systems' defects.