An ontology-based approach to information systems security management

Authors:
Bill Tsoumas;Stelios Dritsas;Dimitris Gritzalis
Affiliations:
Dept. of Informatics, Athens University of Economics and Business, Athens, Greece;Dept. of Informatics, Athens University of Economics and Business, Athens, Greece;Dept. of Informatics, Athens University of Economics and Business, Athens, Greece
Venue:
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
Year:
2005

Citing 10
Cited 4

Integrated management of networked systems: concepts, architectures, and their operational application

Integrated management of networked systems: concepts, architectures, and their operational application
A collaborative approach to ontology design

Communications of the ACM - Ontology: different ways of representing the same concept
Ontology in information security: a useful theoretical foundation and methodological tool

Proceedings of the 2001 workshop on New security paradigms
KAON - Towards a Large Scale Semantic Web

EC-WEB '02 Proceedings of the Third International Conference on E-Commerce and Web Technologies
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Ontobroker: Ontology Based Access to Distributed and Semi-Structured Information

DS-8 Proceedings of the IFIP TC2/WG2.6 Eighth Working Conference on Database Semantics- Semantic Issues in Multimedia Systems
A Policy Language for a Pervasive Computing Environment

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Toward a Security Ontology

IEEE Security and Privacy
Implementation of the CIM Policy Model Using PONDER

POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Evolving GATE to meet new challenges in language engineering

Natural Language Engineering

Secure information sharing between heterogeneous embedded devices

Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Ontological approach toward cybersecurity in cloud computing

Proceedings of the 3rd international conference on Security of information and networks
Toward risk assessment as a service in cloud environments

HotCloud'10 Proceedings of the 2nd USENIX conference on Hot topics in cloud computing
An ontology-based approach for occupational health

Proceedings of the 15th WSEAS international conference on Computers

Quantified Score

Hi-index	0.00

Visualization

Abstract

Complexity of modern information systems (IS), impose novel security requirements. On the other hand, the ontology paradigm aims to support knowledge sharing and reuse in an explicit and mutually agreed manner. Therefore, in this paper we set the foundations for establishing a knowledge-based, ontology-centric framework with respect to the security management of an arbitrary IS. We demonstrate that the linking between high-level policy statements and deployable security controls is possible and the implementation is achievable. This framework may support critical security expert activities with respect to security requirements identification and selection of certain controls and countermeasures. In addition, we present a structured approach for establishing a security management framework and identify its critical parts. Our security ontology is being represented in a neutral manner, based on well-known security standards, extending widely used information systems modeling approaches.