Proceedings of the 3rd international conference on Security of information and networks
In recent years, governmental institutions have increasingly provided applications directly to citizens over the Internet. Because IT systems have a long history in the governmental sector and these legacy systems are connected to newer technologies, most governmental institutions operate a heterogeneous IT environment. More and more governmental duties and responsibilities rely solely on IT systems, which therefore have to be highly dependable to keep these governmental services operating. The growing number of software vulnerabilities and the generally heightened physical threat level due to terror attacks and natural disasters demand a holistic IT security approach which captures, manages, and secures the entire governmental IT infrastructure. Our contribution is (1) a novel inventory solution, (2) a mechanism to embed the virtual IT infrastructure data into a physical model provided by our security ontology, and (3) a methodology to automatically identify threatened assets and to reason on the current security status based on formal threat definitions that take software configurations and physical locations into account. A prototypical implementation of these concepts shows how they help governmental institutions to secure their IT infrastructure in a holistic and systematic way and to fortify their IT systems appropriately against current and future threats.
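The third contribution in the abstract, identifying threatened assets from formal threat definitions over both software configurations and physical locations, is the part a practitioner will want to see concretely. The following is an added toy example written for this page; it is not the authors' security ontology, inventory solution or prototype, and it uses plain Python data classes instead of an OWL ontology. Every asset, room, threat name and version threshold below is constructed sample data (the "9.0" and "11" baselines are hypothetical policy values, not references to any real advisory). What it shows beyond the prose: virtual assets (services) are embedded in the physical model by resolving the room of the host they run on, physical threats on a building apply to every room inside it, and a service inherits software threats found on its host.

```python
"""Toy reasoner: which assets are threatened, given an inventory embedded in a
physical model (rooms inside buildings) and formal threat definitions over
software configurations and physical locations?

Added illustration for the abstract above; NOT the authors' ontology, inventory
tool or prototype. All names, attributes and thresholds are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class Location:
    name: str
    kind: str                  # constructed vocabulary: "building", "server_room", "office"
    floor: int                 # negative = below ground level
    parent: str | None = None  # enclosing location, e.g. the building a room is in


@dataclass
class Asset:
    name: str
    location: str | None = None   # physical assets: the room they stand in
    host: str | None = None       # virtual assets: the physical asset they run on
    software: dict[str, str] = field(default_factory=dict)  # product -> version


@dataclass(frozen=True)
class Threat:
    name: str
    scope: str                    # "physical": predicate over Location; "software": over config dict
    applies: Callable[[object], bool]


def version_tuple(v: str) -> tuple[int, ...]:
    """'8.9p1' -> (8, 9): numeric prefix of each dotted component, for ordering."""
    parts = []
    for chunk in v.split("."):
        digits = ""
        for ch in chunk:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def below(product: str, minimum: str) -> Callable[[dict], bool]:
    """Software-threat predicate: `product` is installed and older than `minimum`."""
    def pred(software: dict[str, str]) -> bool:
        v = software.get(product)
        return v is not None and version_tuple(v) < version_tuple(minimum)
    return pred


def location_chain(name: str | None, locations: dict[str, Location]) -> list[Location]:
    """The room, then its building, and so on; a threat on a building hits every room in it."""
    chain, seen = [], set()
    while name is not None and name not in seen:
        seen.add(name)
        chain.append(locations[name])
        name = locations[name].parent
    return chain


def resolve_location(asset: Asset, assets: dict[str, Asset], depth: int = 0) -> str | None:
    """Virtual assets inherit the room of the host they run on (depth guard against cycles)."""
    if asset.location is not None or asset.host is None or depth > len(assets):
        return asset.location
    return resolve_location(assets[asset.host], assets, depth + 1)


def threatened_assets(assets: dict[str, Asset], locations: dict[str, Location],
                      threats: list[Threat]) -> dict[str, dict[str, str]]:
    """Map each threatened asset to {threat name: why it applies}.

    Physical threats are evaluated on the asset's resolved room and every
    enclosing location. Software threats are evaluated on the asset's own
    configuration and, for virtual assets, on the host's configuration, since a
    compromised host exposes everything running on it."""
    result: dict[str, dict[str, str]] = {}
    for asset in assets.values():
        hits: dict[str, str] = {}
        for loc in location_chain(resolve_location(asset, assets), locations):
            for t in threats:
                if t.scope == "physical" and t.applies(loc):
                    hits.setdefault(t.name, f"located in {loc.name}")
        configs = [(asset.name, asset.software)]
        if asset.host is not None:
            configs.append((f"host {asset.host}", assets[asset.host].software))
        for label, sw in configs:
            for t in threats:
                if t.scope == "software" and t.applies(sw):
                    hits.setdefault(t.name, f"software configuration of {label}")
        if hits:
            result[asset.name] = hits
    return result


# Constructed sample inventory: one building, a basement server room, an office.
LOCATIONS = {l.name: l for l in [
    Location("HQ", "building", 0),
    Location("B-101", "server_room", -1, parent="HQ"),
    Location("3-07", "office", 3, parent="HQ"),
]}
ASSETS = {a.name: a for a in [
    Asset("srv-01", location="B-101", software={"openssh": "8.9p1", "debian": "12"}),
    Asset("ws-17", location="3-07", software={"openssh": "9.3"}),
    Asset("tax-portal", host="srv-01", software={"tomcat": "10.1"}),        # virtual, runs on srv-01
    Asset("legacy-registry", host="ws-17", software={"java": "8"}),         # legacy app on a workstation
]}
# Constructed threat definitions; version baselines are hypothetical policy values.
THREATS = [
    Threat("flooding", "physical", lambda loc: loc.floor < 0),
    Threat("unattended_physical_access", "physical", lambda loc: loc.kind == "office"),
    Threat("openssh_below_baseline", "software", below("openssh", "9.0")),
    Threat("unsupported_java_runtime", "software", below("java", "11")),
]

if __name__ == "__main__":
    for name, hits in threatened_assets(ASSETS, LOCATIONS, THREATS).items():
        for threat, reason in hits.items():
            print(f"{name}: {threat} ({reason})")
```

Running it reports that `tax-portal` is threatened by flooding and by the outdated OpenSSH on its host even though the service itself has neither a location nor that software, which is the point of embedding the virtual inventory into the physical model: the reasoning follows hosting and containment relations rather than stopping at each asset's own attributes. In a real deployment the predicates would be the formal threat definitions of the ontology and the data would come from the inventory, not from literals in the file.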