The Security Assessment Domain: A Survey of Taxonomies and Ontologies
Ontologies and taxonomies provide a means to define concepts, minimize
ambiguity, improve interoperability and manage knowledge of the security
domain. Thus, this paper presents a literature survey
on ontologies and taxonomies concerning the Security Assessment domain. We
carried it out to uncover initiatives that aim at formalizing concepts from the
Information Security and Test and Assessment fields of research. We applied a
systematic review approach in seven scientific databases. 138 papers were
identified and divided into categories according to their main contributions,
namely: Ontology, Taxonomy and Survey. Based on their contents, we selected 47
papers on ontologies, 22 papers on taxonomies, and 11 papers on surveys. A
taxonomy has been devised to be used in the evaluation of the papers.
Summaries, tables, and a preliminary analysis of the selected works are
presented. Our main contributions are: 1) an updated literature review,
describing key characteristics, results, research issues, and application
domains of the papers; and 2) the taxonomy for the evaluation process. We have
also detected gaps in the Security Assessment literature that could be the
subject of further studies in the field. This work is meant to be useful for
security researchers who wish to adopt a formal approach in their methods and
techniques.