A collaborative ontology development tool for information security managers

Authors:
John C. Mace;Simon Parkin;Aad van Moorsel
Affiliations:
Newcastle University, Newcastle upon Tyne, United Kingdom;Newcastle University, Newcastle upon Tyne, United Kingdom;Newcastle University, Newcastle upon Tyne, United Kingdom
Venue:
Proceedings of the 4th Symposium on Computer Human Interaction for the Management of Information Technology
Year:
2010

Citing 7
Cited 2

Enterprise resource planning systems: systems, life cycle, electronic commerce, and risk

Enterprise resource planning systems: systems, life cycle, electronic commerce, and risk
Toward a Security Ontology

IEEE Security and Privacy
Collaborative knowledge capture in ontologies

Proceedings of the 3rd international conference on Knowledge capture
Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard

PRDC '07 Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing
Formalizing information security knowledge

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
An information security ontology incorporating human-behavioural implications

Proceedings of the 2nd international conference on Security of information and networks
OntoWiki – a tool for social, semantic collaboration

ISWC'06 Proceedings of the 5th international conference on The Semantic Web

A stealth approach to usable security: helping IT security managers to identify workable security solutions

Proceedings of the 2010 workshop on New security paradigms
GROUP workshop proposal: collaboration in managing computer systems

Proceedings of the 17th ACM international conference on Supporting group work

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper explores the need for a collaborative development tool to allow information security experts to capture their interrelated knowledge in an ontology. Such a tool would enable organisations to make more informed security policy decisions around shared security issues. However, population of ontologies can be time-consuming and error-prone, and current collaborative ontology editing tools require a familiarity with ontology concepts. We present a Web-oriented tool which simplifies ontology population for information security experts, allowing them to develop ontology content without the need to understand ontology concepts. To understand how organisations manage information security knowledge within policies, we consulted two information security managers in large organisations. The Web-Protégé collaborative ontology editor was then modified to create a tool with an appropriate knowledge ontology structure that meets their requirements. The same information security managers then evaluated the tool, judging it to be accessible and potentially useful in policy decision-making.