An Ontology Approach in Designing Security Information Systems to Support Organizational Security Risk Knowledge

Teresa Pereira, Henrique Santos

Abstract

Organizations increasingly demand faster and more flexible operations, enabled by information and communication technologies, particularly the Internet and newer technologies such as Internet-enabled services, mobile and wireless devices, and networks, with a complete disregard for their security vulnerabilities and an underestimation of the risks these new technologies impose. Proper information security risk management is difficult, yet it is crucial to ensuring the daily operational activities of organizations, as well as to promoting competitiveness and creating new business opportunities. Moreover, there is a lack of formal and flexible models to support a proper information security risk management process. This paper presents an ontology developed for the security domain, aimed at supporting organizations in dealing with large volumes of security information and thereby implementing proper management that facilitates decision-making regarding their security needs.



Paper Citation


in Harvard Style

Pereira T. and Santos H. (2012). An Ontology Approach in Designing Security Information Systems to Support Organizational Security Risk Knowledge. In Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: SSEO, (IC3K 2012) ISBN 978-989-8565-30-3, pages 461-466. DOI: 10.5220/0004180004610466


in Bibtex Style

@conference{sseo12,
author={Teresa Pereira and Henrique Santos},
title={An Ontology Approach in Designing Security Information Systems to Support Organizational Security Risk Knowledge},
booktitle={Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: SSEO, (IC3K 2012)},
year={2012},
pages={461-466},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004180004610466},
isbn={978-989-8565-30-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: SSEO, (IC3K 2012)
TI - An Ontology Approach in Designing Security Information Systems to Support Organizational Security Risk Knowledge
SN - 978-989-8565-30-3
AU - Pereira T.
AU - Santos H.
PY - 2012
SP - 461
EP - 466
DO - 10.5220/0004180004610466