Formalizing information security knowledge

Authors:
Stefan Fenz;Andreas Ekelhart
Affiliations:
Vienna University of Technology, Vienna, Austria;Secure Business Austria, Vienna, Austria
Venue:
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Year:
2009

Citing 21
Cited 11

Information systems security design methods: implications for information systems development

ACM Computing Surveys (CSUR)
Toward principles for the design of ontologies used for knowledge sharing

International Journal of Human-Computer Studies - Special issue: the role of formal ontology in the information technology
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Ontology in information security: a useful theoretical foundation and methodological tool

Proceedings of the 2001 workshop on New security paradigms
Information Security Risk Analysis

Information Security Risk Analysis
What Is Computer Security?

IEEE Security and Privacy
Enemy at the gate: threats to information security

Communications of the ACM - Program compaction
The description logic handbook: theory, implementation, and applications

The description logic handbook: theory, implementation, and applications
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications

Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
OntoKhoj: a semantic web portal for ontology searching, ranking and classification

WIDM '03 Proceedings of the 5th ACM international workshop on Web information and data management
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing
An ontology for secure e-government applications

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
A knowledge architecture for IT security

Communications of the ACM - Creating a science of games
Enabling experts to build knowledge bases from science textbooks

Proceedings of the 4th international conference on Knowledge capture
AMBRA: automated model-based risk analysis

Proceedings of the 2007 ACM workshop on Quality of protection
Synergy between data warehousing and knowledge management: three industries reviewed

International Journal of Information Technology and Management
Grand Challenges in Information Security: Process and Output

IEEE Security and Privacy
Review: Knowledge management and knowledge management systems: conceptual foundations and research issues

MIS Quarterly
Security ontology for annotating resources

OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, COA, and ODBASE - Volume Part II
SP 800-12. An Introduction to Computer Security: the NIST Handbook

SP 800-12. An Introduction to Computer Security: the NIST Handbook
SP 800-30. Risk Management Guide for Information Technology Systems

SP 800-30. Risk Management Guide for Information Technology Systems

How to determine threat probabilities using ontologies and Bayesian networks

Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Multi-aspect security configuration assessment

Proceedings of the 2nd ACM workshop on Assurable and usable security configuration
Ontology-based generation of IT-security metrics

Proceedings of the 2010 ACM Symposium on Applied Computing
Threat agents: a necessary component of threat analysis

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Ontological approach toward cybersecurity in cloud computing

Proceedings of the 3rd international conference on Security of information and networks
A collaborative ontology development tool for information security managers

Proceedings of the 4th Symposium on Computer Human Interaction for the Management of Information Technology
An ontology- and Bayesian-based approach for determining threat probabilities

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Basis for an integrated security ontology according to a systematic review of existing proposals

Computer Standards & Interfaces
An ontology-based approach for constructing Bayesian networks

Data & Knowledge Engineering
Policy-Based vulnerability assessment for virtual organisations

CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Ontology-based representation of reusable security requirements for developing secure web applications

International Journal of Internet Technology and Secured Transactions

Quantified Score

Hi-index	0.01

Visualization

Abstract

Unified and formal knowledge models of the information security domain are fundamental requirements for supporting and enhancing existing risk management approaches. This paper describes a security ontology which provides an ontological structure for information security domain knowledge. Besides existing best-practice guidelines such as the German IT Grundschutz Manual also concrete knowledge of the considered organization is incorporated. An evaluation conducted by an information security expert team has shown that this knowledge model can be used to support a broad range of information security risk management approaches.