Ontology-based security assessment for software products
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
OVM: an ontology for vulnerability management
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
An information security ontology incorporating human-behavioural implications
Proceedings of the 2nd international conference on Security of information and networks
Basis for an integrated security ontology according to a systematic review of existing proposals
Computer Standards & Interfaces
priately counteract occurring threats has increasingly become a crucial success factor. Traditional business process management provides concepts for the economical optimization of processes, while risk management focuses on the design of robust business processes. Although both aim at the same goal, namely the improvement of business, their approaches to reaching it vary, due to a different understanding of improvement. Consequently, the optimizing recommendations of business process management and risk management may be contradictory. Therefore, we proposed a unified method, integrating both points of view to enable risk-aware business process management and optimization. In this paper, we briefly describe the ROPE (Risk-Oriented Process Evaluation) methodology and the Security Ontology concept, which provides a solid knowledge base for an applicable and holistic company-specific IT security approach. This heavy-weight ontology provides structured knowledge regarding the relations between threats, safeguards, and assets, which are crucial for modeling processes in ROPE. We show how the integration of the Security Ontology's knowledge base enhances the applicability of the ROPE methodology, leading to improved risk-aware business process management.