Formalizing information security knowledge

12 years 9 months ago
Formalizing information security knowledge
Unified and formal knowledge models of the information security domain are fundamental requirements for supporting and enhancing existing risk management approaches. This paper describes a security ontology which provides an ontological structure for information security domain knowledge. Besides existing best-practice guidelines such as the German IT Grundschutz Manual also concrete knowledge of the considered organization is incorporated. An evaluation conducted by an information security expert team has shown that this knowledge model can be used to support a broad range of information security risk management approaches. Categories and Subject Descriptors I.2.4 [Knowledge Representation Formalisms and Methods]: Representations (procedural and rule-based) General Terms Security Keywords Security ontology, information security, risk management
Stefan Fenz, Andreas Ekelhart
Added 23 Nov 2009
Updated 23 Nov 2009
Type Conference
Year 2009
Where CCS
Authors Stefan Fenz, Andreas Ekelhart
Comments (0)