Security ontology: simulating threats to corporate assets

Authors:
Andreas Ekelhart;Stefan Fenz;Markus D. Klemen;Edgar R. Weippl
Affiliations:
Secure Business Austria — Security Research, Vienna, Austria;Secure Business Austria — Security Research, Vienna, Austria;Secure Business Austria — Security Research, Vienna, Austria;Secure Business Austria — Security Research, Vienna, Austria
Venue:
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Year:
2006

Citing 4
Cited 6

A taxonomy of computer program security flaws

ACM Computing Surveys (CSUR)
Toward a Security Ontology

IEEE Security and Privacy
Ontological Engineering

Ontological Engineering
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing

Security issues for the use of semantic web in e-commerce

BIS'07 Proceedings of the 10th international conference on Business information systems
Basis for an integrated security ontology according to a systematic review of existing proposals

Computer Standards & Interfaces
On the evolution of quality conceptualization techniques

The evolution of conceptual modeling
An ontology-based approach for occupational health

Proceedings of the 15th WSEAS international conference on Computers
Towards a framework for governance architecture management in cloud environments: A semantic perspective

Future Generation Computer Systems
Ontology-based representation of reusable security requirements for developing secure web applications

International Journal of Internet Technology and Secured Transactions

Quantified Score

Hi-index	0.00

Visualization

Abstract

Threat analysis and mitigation, both essential for corporate security, are time consuming, complex and demand expert knowledge. We present an approach for simulating threats to corporate assets, taking the entire infrastructure into account. Using this approach effective countermeasures and their costs can be calculated quickly without expert knowledge and a subsequent security decisions will be based on objective criteria. The ontology used for the simulation is based on Landwehr's [ALRL04] taxonomy of computer security and dependability.