Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

Back to practice, a decade of research in E-government

E-government is a multidisciplinary field of research based initially on empirical insights from practice. Efforts to theoretically found the field have opened perspectives from multiple research domains. The goal of this chapter is to review evolution of the e-government field from an institutional and an academic point of view. Our position is that e-government is an emergent multidisciplinary field of research in which focus on practice is a prominent characteristic. Each chapter of the book is then briefly presented and is positioned according to a vision of the e-government domain of research.E-government, Case study, E-administration, Public domain

Run-time risk management in adaptive ICT systems

We will present results of the SERSCIS project related to risk management and mitigation strategies in adaptive multi-stakeholder ICT systems. The SERSCIS approach involves using semantic threat models to support automated design-time threat identification and mitigation analysis. The focus of this paper is the use of these models at run-time for automated threat detection and diagnosis. This is based on a combination of semantic reasoning and Bayesian inference applied to run-time system monitoring data. The resulting dynamic risk management approach is compared to a conventional ISO 27000 type approach, and validation test results presented from an Airport Collaborative Decision Making (A-CDM) scenario involving data exchange between multiple airport service providers

DevOps Ontology - An ontology to support the understanding of DevOps in the academy and the software industry

Currently, the degree of knowledge about what DevOps really means and what it entails is still limited. This can result in an informal and even incorrect implementation in many cases. Although several proposals related to DevOps adoption can be found, confusion is not uncommon and terminology conflict between the proposals is still evident. This article proposes DevOps Ontology, a semi-formal ontology that proposes a generic, consistent, and clear language to enable the dissemination of information related to implementing DevOps in software development. The ontology presented in this article facilitates the understanding of DevOps by identifying the relationships between software process elements and the agile principles/values that may be related to them. The DevOps Ontology has been defined considering the following aspects: the REFSENO formalism that uses the representation in UML was used and the language OWL language using Prótegé and HermiT Reasoner to evaluate the consistency of its structure. Likewise, it was satisfactorily evaluated in three application cases: a theoretical validation; instantiation of the continuous integration and deployment practices proposed by the company GitLab. Furthermore, a mobile app was created to retrieve information from the DevOps Ontology using the SPARQL protocol and RDF language. The app also evaluated the Ontology’s proficiency in responding to knowledge-based questions using SPARQL. The results showed that DevOps Ontology is consistent, complete, and concise, i.e.: to say: the consistency could be observed in the ability to be able to infer knowledge from the ontology, ensuring that the ontology is complete by checking for any incompleteness and verifying that all necessary definitions and inferences are well-established. Additionally, the ontology was assessed for conciseness to ensure that it doesn't contain redundant or unnecessary definitions. Furthermore, it has the potential for improvement by incorporating new concepts and relationships as needed. The newly suggested ontology creates a set of terms that provide a systematic and structured approach to organizing the existing knowledge in the field. This helps to minimize the confusion, inconsistency, and heterogeneity of the terminologies and concepts in the area of interest

A framework for deriving semantic web services

Web service-based development represents an emerging approach for the development of distributed information systems. Web services have been mainly applied by software practitioners as a means to modularize system functionality that can be offered across a network (e.g., intranet and/or the Internet). Although web services have been predominantly developed as a technical solution for integrating software systems, there is a more business-oriented aspect that developers and enterprises need to deal with in order to benefit from the full potential of web services in an electronic market. This ‘ignored’ aspect is the representation of the semantics underlying the services themselves as well as the ‘things’ that the services manage. Currently languages like the Web Services Description Language (WSDL) provide the syntactic means to describe web services, but lack in providing a semantic underpinning. In order to harvest all the benefits of web services technology, a framework has been developed for deriving business semantics from syntactic descriptions of web services. The benefits of such a framework are two-fold. Firstly, the framework provides a way to gradually construct domain ontologies from previously defined technical services. Secondly, the framework enables the migration of syntactically defined web services toward semantic web services. The study follows a design research approach which (1) identifies the problem area and its relevance from an industrial case study and previous research, (2) develops the framework as a design artifact and (3) evaluates the application of the framework through a relevant scenario

XML-based approaches for the integration of heterogeneous bio-molecular data

Background: The today's public database infrastructure spans a very large collection of heterogeneous biological data, opening new opportunities for molecular biology, bio-medical and bioinformatics research, but raising also new problems for their integration and computational processing. Results: In this paper we survey the most interesting and novel approaches for the representation, integration and management of different kinds of biological data by exploiting XML and the related recommendations and approaches. Moreover, we present new and interesting cutting edge approaches for the appropriate management of heterogeneous biological data represented through XML. Conclusion: XML has succeeded in the integration of heterogeneous biomolecular information, and has established itself as the syntactic glue for biological data sources. Nevertheless, a large variety of XML-based data formats have been proposed, thus resulting in a difficult effective integration of bioinformatics data schemes. The adoption of a few semantic-rich standard formats is urgent to achieve a seamless integration of the current biological resources. </p

Using Semantic Web technologies in the development of data warehouses: A systematic mapping

The exploration and use of Semantic Web technologies have attracted considerable attention from researchers examining data warehouse (DW) development. However, the impact of this research and the maturity level of its results are still unclear. The objective of this study is to examine recently published research articles that take into account the use of Semantic Web technologies in the DW arena with the intention of summarizing their results, classifying their contributions to the field according to publication type, evaluating the maturity level of the results, and identifying future research challenges. Three main conclusions were derived from this study: (a) there is a major technological gap that inhibits the wide adoption of Semantic Web technologies in the business domain;(b) there is limited evidence that the results of the analyzed studies are applicable and transferable to industrial use; and (c) interest in researching the relationship between DWs and Semantic Web has decreased because new paradigms, such as linked open data, have attracted the interest of researchers.This study was supported by the Universidad de La Frontera, Chile, PROY. DI15-0020. Universidad de la Frontera, Chile, Grant Numbers: DI15-0020 and DI17-0043

Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is\ud not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business\ud rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements.\ud Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session