Towards an Ontology for Enterprise Level Information Security Policy Analysis
Debashis Mandal, Chandan Mazumdar
2021
Abstract
Securing the information and ICT assets in an enterprise is a vital as well as a challenging task because of the increase in cyber-attacks. Information Security policies are designed for an enterprise to prevent security breaches. An enterprise needs to adhere to and abide by the policies for its disciplined functioning. Analysis of the policies is necessary to find their applicability, conflict detection, revision and compliance checking for the enterprise. To analyze the policies, it is necessary to decompose them into its constituent parts. This decomposition is facilitated by ontologies. An in-depth analysis of the policy decomposition show that the published information security ontologies are grossly inadequate for any policy analysis application. In this paper we present an approach for development of an ontology specifically for information security policy analysis. The structure of the ontology and its implementation are presented and the importance of this ontology in information security policy analysis is established.
DownloadPaper Citation
in Harvard Style
Mandal D. and Mazumdar C. (2021). Towards an Ontology for Enterprise Level Information Security Policy Analysis.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-491-6, pages 492-499. DOI: 10.5220/0010248004920499
in Bibtex Style
@conference{icissp21,
author={Debashis Mandal and Chandan Mazumdar},
title={Towards an Ontology for Enterprise Level Information Security Policy Analysis},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2021},
pages={492-499},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010248004920499},
isbn={978-989-758-491-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Towards an Ontology for Enterprise Level Information Security Policy Analysis
SN - 978-989-758-491-6
AU - Mandal D.
AU - Mazumdar C.
PY - 2021
SP - 492
EP - 499
DO - 10.5220/0010248004920499