Research article, DOI: 10.1145/1852666.1852731

Ontologies for modeling enterprise level security metrics

Published: 21 April 2010

Abstract

Currently, it is difficult to answer simple questions such as "are we more secure than yesterday" or "how should we invest our limited security budget." Decision makers in other areas of business and engineering often use metrics for determining whether a projected return on investment justifies its costs. Spending for new cyber-security measures is such an investment. Therefore, security metrics [1] that can quantify the overall risk in an enterprise system are essential in making sensible decisions in security management.

Supplementary Material

Supplemental material. (a58-singhal_slides.pdf)

References

[1] Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt, Addison Wesley, 2007.
[2] W3C (2004) OWL Web Ontology Language Overview. http://www.w3.org/TR/owl-features
[3] "The Protégé ontology editor and knowledge acquisition system", http://protege.stanford.edy/, 2005.
[4] Kim, J. Luo and M. Kang, "Security Ontology for Annotating Resources", 4th International Conference on Ontologies, Databases and Applications, 2005, Cyprus.
[5] G. Denker, Kagal L., and Finnin T., "Security in the Semantic Web using OWL", Information Security Technical Report, 2005, 10(1): pp. 51-58.
[6] G. Dobson and P. Sawyer, "Revisiting Ontology-Based Requirements Engineering in the Age of Semantic Web", Workshop on Dependable Requirements Engineering of Computerized Systems, Institute of Energy Technology, Halden, 2006.
[7] J. Undercoffer, A. Joshi, and J. Pinkston, "Modeling Computer Attacks: An Ontology for Intrusion Detection", in the Sixth International Symposium on Recent Advances in Intrusion Detection, 2003.

Published In

CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
April 2010
257 pages
ISBN: 9781450300179
DOI: 10.1145/1852666

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. attack graphs
2. security metrics
3. security risk

Qualifiers

• Research-article

Conference

CSIIRW '10

Cited By

• (2022) Comprehensive Comparison of Security Measurement Models, Journal of Applied Security Research, 10.1080/19361610.2021.1981089, 18:3, (333-401), Online publication date: 10-Feb-2022
• (2021) Towards an Automatic Approach to the Design of A Generic Ontology for Information Security, 2021 Reconciling Data Analytics, Automation, Privacy, and Security: A Big Data Challenge (RDAAPS), 10.1109/RDAAPS48126.2021.9452006, (1-8), Online publication date: 18-May-2021
• (2021) An Ontology for Privacy Requirements via a Systematic Literature Review, Journal on Data Semantics, 10.1007/s13740-020-00116-5, 9:4, (123-149), Online publication date: 7-Jan-2021
• (2020) Analysing Information Security Risk Ontologies, International Journal of Systems and Software Security and Protection, 10.4018/IJSSSP.2020010101, 11:1, (1-16), Online publication date: 1-Jan-2020
• (2020) AVARCIBER: a framework for assessing cybersecurity risks, Cluster Computing, 10.1007/s10586-019-03034-9, Online publication date: 1-Jan-2020
• (2020) A Holistic Approach for Privacy Requirements Analysis: An Industrial Case Study, Visual Privacy Management, 10.1007/978-3-030-59944-7_2, (22-53), Online publication date: 14-Oct-2020
• (2018) Review into State of the Art of Vulnerability Assessment using Artificial Intelligence, Guide to Vulnerability Analysis for Computer Networks and Systems, 10.1007/978-3-319-92624-7_1, (3-32), Online publication date: 5-Sep-2018
• (2017) Security Vulnerability Analysis using Ontology-based Attack Graphs, 2017 14th IEEE India Council International Conference (INDICON), 10.1109/INDICON.2017.8488002, (1-5), Online publication date: Dec-2017
• (2017) Towards an Ontology for Privacy Requirements via a Systematic Literature Review, Conceptual Modeling, 10.1007/978-3-319-69904-2_16, (193-208), Online publication date: 21-Oct-2017
• (2017) A Survey of Security Assessment Ontologies, Recent Advances in Information Systems and Technologies, 10.1007/978-3-319-56535-4_17, (166-173), Online publication date: 28-Mar-2017
