
Ontology-Based Business Knowledge for Simulating Threats to Corporate Assets

  • Andreas Ekelhart
  • Stefan Fenz
  • Markus D. Klemen
  • A. Min Tjoa
  • Edgar R. Weippl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4333)

Abstract

We propose a security ontology to provide a solid base for an applicable and holistic IT-Security approach for SMEs, enabling low-cost threat analysis. Based on the taxonomy of computer security and dependability by Landwehr [ALRL04] and the threat classification according to Peltier [Pel01], a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. The ontology is used in an organization to capture the business knowledge required for and created during a security risk analysis, where instances of concepts are added to the ontology to allow the simulation of different attack and disaster scenarios. Each scenario can be replayed with a different protection profile so as to evaluate the effectiveness and the cost/benefit ratio of individual safeguards.

Keywords

Infrastructure Element; Disaster Scenario; Entire Building; Security Ontology; Outage Cost
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


References

  1. [ALRL04]
    Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.E.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Sec. Comput. 1(1), 11–33 (2004)
  2. [COB06]
    COBIT (2006), http://www.isaca.org/
  3. [Don03]
    Donner, M.: Toward a security ontology. IEEE Security and Privacy 1(3), 6–7 (2003)
  4. [Hau00]
    Hauser, H.E.: SMEs in Germany, facts and figures 2000. Institut für Mittelstandsforschung, Bonn (2000)
  5. [ISO06]
    ISO 17799 (2006), http://www.iso.org/
  6. [OWL04]
    OWL Web Ontology Language (2004), http://www.w3.org/TR/owl-features/
  7. [Pel01]
    Peltier, T.R.: Information Security Risk Analysis. Auerbach Publications, Boca Raton, Florida (2001)
  8. [Pro05]
    The Protégé ontology editor and knowledge acquisition system (2005), http://protege.stanford.edu/
  9. [SPA06]
    SPARQL Query Language for RDF (2006), http://www.w3.org/TR/rdf-sparql-query/

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Andreas Ekelhart (1)
  • Stefan Fenz (1)
  • Markus D. Klemen (1)
  • A. Min Tjoa (1)
  • Edgar R. Weippl (1)
  1. Secure Business Austria – Security Research, Vienna, Austria
