Title :
Ontology Based Modeling for Information Security Management
Author :
Saha, Partha ; Parameswaran, Nandan ; Ray, Pradeep ; Mahanti, Ambuj
Author_Institution :
Manage. Inf. Syst. Group, Indian Inst. of Manage., Calcutta, Kolkata, India
Abstract :
Interconnected network centric environment is governed by a complex web of regulatory standards across wide geographical boundaries. With increasing trend of globalization and e-governance initiatives sweeping across different industrial sectors the multi-national corporations are forced to conform to multiple government regulations demanded by numerous stakeholders comprising regulatory authorities, legal entities, consumer forum and partners. In a heterogeneous, multi-regulated, multi-disciplined and global environment, corporations are often required to adhere to more than one standard and best practice method. Compliance auditing (CA) is the process that identifies and analyses any misalignment and non-compliance of the organization´s rules and policies vis-a-vis government regulations. A distinct challenge in compliance auditing is the repetitive, resource intensive process of identifying non-compliant organizational issues based on company policies, controls or industrial standards. In this paper, we propose a framework for building a multi-agent information model that captures the notion of compliance semantics and presents it using ontology. We further present a methodology for computing the compliance metric of organizational practices with regulatory standards/ requirements capturing the relevance of the ontological concepts using fuzzy weights for estimating the compliance.
Keywords :
business data processing; fuzzy set theory; ontologies (artificial intelligence); organisational aspects; public administration; security of data; standards; best practice method; compliance auditing; e-governance initiatives; fuzzy weights; geographical boundaries; globalization; industrial sectors; information security management; interconnected network centric environment; multiagent information model; multinational corporations; noncompliant organizational issues; ontology based modeling; organization rules; regulatory authorities; regulatory standards; vis-a-vis government regulations; Calculus; Information security; Measurement; Organizations; Risk management; Standards organizations; Agent Based System; Compliance Measurement; IT Governance; Information Securiy; Ontology; Semantic Modelling;
Conference_Titel :
Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
978-1-4673-0006-3
DOI :
10.1109/DASC.2011.37