2 research outputs found
A decision support system for corporations cyber security risk management
This thesis presents a decision aiding system named C3-SEC (Contex-aware Corporative
Cyber Security), developed in the context of a master program at Polytechnic Institute of
Leiria, Portugal. The research dimension and the corresponding software development
process that followed are presented and validated with an application scenario and case study
performed at Universidad de las Fuerzas Armadas ESPE – Ecuador.
C3-SEC is a decision aiding software intended to support cyber risks and cyber threats
analysis of a corporative information and communications technological infrastructure. The
resulting software product will help corporations Chief Information Security Officers
(CISO) on cyber security risk analysis, decision-making and prevention measures for the
infrastructure and information assets protection.
The work is initially focused on the evaluation of the most popular and relevant tools
available for risk assessment and decision making in the cyber security domain. Their
properties, metrics and strategies are studied and their support for cyber security risk
analysis, decision-making and prevention is assessed for the protection of organization's
information assets.
A contribution for cyber security experts decision support is then proposed by the means of
reuse and integration of existing tools and C3-SEC software. C3-SEC extends existing tools
features from the data collection and data analysis (perception) level to a full context-ware
reference model.
The software developed makes use of semantic level, ontology-based knowledge
representation and inference supported by widely adopted standards, as well as cyber
security standards (CVE, CPE, CVSS, etc.) and cyber security information data sources
made available by international authorities, to share and exchange information in this
domain. C3-SEC development follows a context-aware systems reference model addressing
the perception, comprehension, projection and decision/action layers to create corporative
scale cyber security situation awareness
Automatic knowledge exchange between ontologies and semantic graphs
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.This paper presents an innovative knowledge management approach for the validation and transfer
of knowledge between semantic networks or ontologies and a target ontology represented in OWL
format. This process has been designed for addressing the quality improvement of ontologies
automatically created by learning techniques. The knowledge transfer process is a semi-automatic
computer aided method to assist the domain expert to improve the target ontology.
To validate our proposal, we have used an automatically generated target ontology. We used
knowledge transfer from the well-known Babelnet semantic graph and a manually generated
ontology to improve the quality of the target ontology. Finally, to show the suitability of our
proposal in the ontology fixing process, we compare the improved target ontology resulting from
the application of the proposed validation and knowledge transfer techniques with its original
version. We developed an example of our proposal in our OntologyFixer tool which is available
on a GitHub repository (https://github.com/gabyluna/OntologyFixer/tree/ontofixer_v2)