Security Ontologies: Improving Quantitative Risk Analysis

IT-security has become a much diversified field and small and medium sized enterprises (SMEs), in particular, do not have the financial ability to implement a holistic IT-security approach. We thus propose a security ontology, to provide a solid base for an applicable and holistic IT-security approa...

Full description

Saved in:
Bibliographic Details
Main Authors: Ekelhart, A., Fenz, S., Klemen, M., Weippl, E.
Format: Conference Proceeding
Language:English
Subjects:
Computational modeling
Computer security
Ontologies
Protection
Risk analysis
Risk management
Solids
Taxonomy
Terminology
Vocabulary
Citations: Items that cite this one
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:IT-security has become a much diversified field and small and medium sized enterprises (SMEs), in particular, do not have the financial ability to implement a holistic IT-security approach. We thus propose a security ontology, to provide a solid base for an applicable and holistic IT-security approach for SMEs, enabling low-cost risk management and threat analysis. Based on the taxonomy of computer security and dependability by Landwehr, a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. Using this ontology, each threat scenario can be simulated with a different protection profile as to evaluate the effectiveness and the cost/benefit ratio of individual safeguards
ISSN:2572-6862
DOI:10.1109/HICSS.2007.478