Semantics for incident identification and resolution reports
In order to achieve a safe and systematic treatment of security protocols, organizations release a number of technical briefings describing how to detect and manage security incidents. A critical issue is that this document set may suffer from semantic deficiencies, mainly due to ambiguity or differing granularity levels of description and analysis. One approach to this problem is the use of semantic methodologies in order to provide better knowledge externalization from incident protocol management. In this article, we propose a method based on semantic techniques for both analyzing and specifying (meta)security requirements on protocols used for solving security incidents. This would allow specialists to obtain better documentation of their intangible knowledge about them.
Ministerio de Economía y Competitividad TIN2013-41086-
Towards a new generation of security requirements definition methodology using ontologies
In recent years, security in Information Systems (IS) has become an important issue, and needs to be taken into account in all stages of IS development, including the early phase of Requirements Engineering (RE). Recent studies proposed some useful approaches for security requirements definition, but analysts still suffer from a considerable lack of knowledge about security and the domain field. Ontologies are known to be wide sources of knowledge. We propose in this research to include ontologies in the requirements engineering process. Ontologies are factors in achieving success in high-quality requirements elicitation.
An overview of security ontologies
This paper presents an overview of ontologies in Information Systems Security. Information Systems Security is a broad and dynamic area that clearly benefits from the formalization of concepts provided by ontologies. After a very short presentation of ontologies and the Semantic Web, several works on security ontologies targeting different aspects of security engineering are presented, together with another study that compares several publicly available security ontologies.
Cyber Threat Intelligence Model: An Evaluation of Taxonomies, Sharing Standards, and Ontologies within Cyber Threat Intelligence
Cyber threat intelligence is the provision of evidence-based knowledge about existing or emerging threats. Benefits of threat intelligence include increased situational awareness and efficiency in security operations and improved prevention, detection, and response capabilities. To process, analyze, and correlate vast amounts of threat information and derive highly contextual intelligence that can be shared and consumed in meaningful time requires utilizing machine-understandable knowledge representation formats that embed the industry-required expressivity and are unambiguous. To a large extent, this is achieved by technologies like ontologies, interoperability schemas, and taxonomies. This research evaluates existing cyber-threat-intelligence-relevant ontologies, sharing standards, and taxonomies for the purpose of measuring their high-level conceptual expressivity with regard to the who, what, why, where, when, and how elements of an adversarial attack, in addition to courses of action and technical indicators. The results confirmed that little emphasis has been given to developing a comprehensive cyber threat intelligence ontology, with existing efforts not being thoroughly designed, non-interoperable and ambiguous, and lacking semantic reasoning capability.
Model Driven Information Security Management - Evaluating and Applying the Meta Model of ISO 27001
Information technology has had a significant impact on business operations and allowed the emergence of new business models. These IT-enabled processes and businesses, however, depend on secure information systems which need to be managed. The management of information systems security (ISS) is a highly dynamic and complex task due to constant change in the information technology domain. In this paper we propose the use of a meta model to aid ISS managers in setting up a holistic information security management system (ISMS). For this we describe how an adapted meta model of ISO 27001, a security standard for ISMS, can be used to aid with the general phases of ISS management. We demonstrate how models can support ISS managers in their endeavors. The paper concludes with a pragmatic evaluation by providing an example of how such a meta model can be operationalized for vulnerability identification, before discussing potential future research.
Automated Expert System Knowledge Base Development Method for Information Security Risk Analysis
Information security risk analysis is a compulsory requirement both from regulatory documents and from the information security management decision-making process. Some researchers propose using expert systems (ES) for process automation, but this approach requires the creation of a high-quality knowledge base. A knowledge base can be formed either from expert knowledge or from information collected from other sources. The problem with such an approach is that experts or good-quality knowledge sources are expensive. In this paper we propose a solution to the problem by providing an automated ES knowledge base development method. The method proposed is novel since, unlike other methods, it does not integrate the ontology directly but utilizes automated transformation of existing information security ontology elements into ES rules: the Web Ontology Rule Language (OWL RL) subset of the ontology is segregated into Resource Description Framework (RDF) triples, which are transformed into the Rule Interchange Format (RIF); RIF rules are then converted into Java Expert System Shell (JESS) knowledge base rules. The experiments performed have shown the principal applicability of the method. The created knowledge base was later verified by performing a comparative risk analysis in a sample company.
Ontology in Information Security
Over the past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases in the period from 2004 to 2014. This paper gives a review of the literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontologies.