Resumen
This paper proposes a novel approach of knowledge base formation for expert systems, dedicated to IT security risk analysis, using attack trees as a source of information. Automating the conversion of attack trees to a format that expert systems can use can be applied for minimizing time expenses while creating the knowledge base of an expert system and keeping it up to date, and for further applications as a risk assessment tool by small?medium enterprises.