Ontology-Based business knowledge for simulating threats to corporate assets

Authors:
Andreas Ekelhart;Stefan Fenz;Markus D. Klemen;A. Min Tjoa;Edgar R. Weippl
Affiliations:
Secure Business Austria – Security Research, Vienna, Austria;Secure Business Austria – Security Research, Vienna, Austria;Secure Business Austria – Security Research, Vienna, Austria;Secure Business Austria – Security Research, Vienna, Austria;Secure Business Austria – Security Research, Vienna, Austria
Venue:
PAKM'06 Proceedings of the 6th international conference on Practical Aspects of Knowledge Management
Year:
2006

Citing 3
Cited 0

Information Security Risk Analysis

Information Security Risk Analysis
Toward a Security Ontology

IEEE Security and Privacy
Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE Transactions on Dependable and Secure Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a security ontology, to provide a solid base for an applicable and holistic IT-Security approach for SMEs, enabling low-cost threat analysis. Based on the taxonomy of computer security and dependability by Landwehr [ALRL04] and the threat classification according to Peltier [Pel01], a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. The ontology is used in an organization to capture business knowledge required for and created during a security risk analysis where instances of concepts are added to the ontology to allow the simulation of different attack and disaster scenarios. Each scenario can be replayed with a different protection profile as to evaluate the effectiveness and the cost/benefit ratio of individual safeguards.