Abstract
We propose a security ontology, to provide a solid base for an applicable and holistic IT-Security approach for SMEs, enabling low-cost threat analysis. Based on the taxonomy of computer security and dependability by Landwehr [ALRL04] and the threat classification according to Peltier [Pel01], a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. The ontology is used in an organization to capture business knowledge required for and created during a security risk analysis where instances of concepts are added to the ontology to allow the simulation of different attack and disaster scenarios. Each scenario can be replayed with a different protection profile as to evaluate the effectiveness and the cost/benefit ratio of individual safeguards.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.E.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Sec. Comput. 1(1), 11–33 (2004)
Cobit (2006), http://www.isaca.org/
Donner, M.: Toward a security ontology. IEEE Security and Privacy 1(3), 6–7 (2003)
Hauser, H.E.: Smes in germany, facts and figures 2000. Institut für Mittelstandsforschung, Bonn (2000)
Iso17799 (2006), http://www.iso.org/
Owl web ontology language (2004), http://www.w3.org/TR/owl-features/
Peltier, T.R.: Information Security Risk Analysis Boca Raton. Auerbach Publications, Boca Raton, Florida (2001)
The protege ontology editor and knowledge acquisition system (2005), http://protege.stanford.edu/
Sparql query language for rdf (2006), http://www.w3.org/TR/rdf-sparql-query/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ekelhart, A., Fenz, S., Klemen, M.D., Tjoa, A.M., Weippl, E.R. (2006). Ontology-Based Business Knowledge for Simulating Threats to Corporate Assets. In: Reimer, U., Karagiannis, D. (eds) Practical Aspects of Knowledge Management. PAKM 2006. Lecture Notes in Computer Science(), vol 4333. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11944935_4
Download citation
DOI: https://doi.org/10.1007/11944935_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49998-5
Online ISBN: 978-3-540-49999-2
eBook Packages: Computer ScienceComputer Science (R0)