The dissertation consists of an introduction, five main chapters, and general conclusions. The first chapter introduces ES for information security risk assessment, discusses the existing methods of forming and updating the ES knowledge base, and identifies potential sources of information security knowledge. The second chapter presents an approach to transforming ontologies into ES knowledge base rules. The third chapter presents a method for automatically transferring information from website (WEB) sources to the ES knowledge base. The fourth chapter presents an approach to transforming attack trees into ES knowledge base rules, which allows the ES knowledge base to be expanded with the risks of cyberattacks. The proposed methods are implemented and tested by importing the developed rules into Java Expert System Shell (JESS)-based ES. The fifth chapter describes the developed ES prototype for small and medium-sized enterprises (SMEs), whose knowledge base is created by applying the proposed automation methods.