A security ontology for incident analysis

Author: Clive Blackwell

Affiliation: University of London, Egham, UK

Venue: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

Year: 2010

Abstract

We have developed a new security incident ontology that considers organizations and their systems in their entirety, rather than software alone. It includes defensive classes corresponding to the offensive incident categories, because adverse events should also be considered from the defender's viewpoint, taking the defender's goals and specific circumstances into account. We have created a three-layer security architecture comprising the social, logical and physical levels, which allows the planning of comprehensive defensive measures with complete and mutually reinforcing attack surfaces that span all levels. These ideas allow a holistic analysis of incidents, including human and physical factors rather than technical factors alone, which can give comprehensive defense-in-depth to prevent, detect or recover from incidents. We will use OWL to give the ontology a well-defined semantics, which could serve as a formal basis for describing security incidents.