Abstract | ||
---|---|---|
Complexity of modern information systems (IS), impose novel security requirements. On the other hand, the ontology paradigm aims to support knowledge sharing and reuse in an explicit and mutually agreed manner. Therefore, in this paper we set the foundations for establishing a knowledge-based, ontology-centric framework with respect to the security management of an arbitrary IS. We demonstrate that the linking between high-level policy statements and deployable security controls is possible and the implementation is achievable. This framework may support critical security expert activities with respect to security requirements identification and selection of certain controls and countermeasures. In addition, we present a structured approach for establishing a security management framework and identify its critical parts. Our security ontology is being represented in a neutral manner, based on well-known security standards, extending widely used information systems modeling approaches. |
Year | DOI | Venue |
---|---|---|
2005 | 10.1007/11560326_12 | MMM-ACNS |
Keywords | Field | DocType |
ontology-based approach,security management,well-known security standard,deployable security control,ontology-centric framework,security ontology,novel security requirement,information systems security management,security requirements identification,critical part,security management framework,critical security expert activity,knowledge base,security policy,information system | Security convergence,Security testing,Security controls,Computer security,Computer science,Security service,Cloud computing security,Security information and event management,Computer security model,Security management | Conference |
Volume | ISSN | ISBN |
3685 | 0302-9743 | 3-540-29113-X |
Citations | PageRank | References |
13 | 1.33 | 17 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Bill Tsoumas | 1 | 147 | 9.61 |
Stelios Dritsas | 2 | 139 | 11.96 |
Dimitris Gritzalis | 3 | 955 | 99.85 |