Title :
Security Ontologies: Improving Quantitative Risk Analysis
Author :
Ekelhart, Andreas ; Fenz, Stefan ; Klemen, Markus ; Weippl, Edgar
Author_Institution :
Secure Bus. Austria-Security Res., Vienna
Abstract :
IT-security has become a much diversified field and small and medium-sized enterprises (SMEs), in particular, do not have the financial ability to implement a holistic IT-security approach. We thus propose a security ontology to provide a solid base for an applicable and holistic IT-security approach for SMEs, enabling low-cost risk management and threat analysis. Based on the taxonomy of computer security and dependability by Landwehr, a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. Using this ontology, each threat scenario can be simulated with a different protection profile so as to evaluate the effectiveness and the cost/benefit ratio of individual safeguards.
Keywords :
ontologies (artificial intelligence); risk analysis; security of data; small-to-medium enterprises; IT-security; quantitative risk analysis; risk management; security ontology; small and medium sized enterprise; Computational modeling; Computer security; Ontologies; Protection; Risk analysis; Risk management; Solids; Taxonomy; Terminology; Vocabulary;
Conference_Title :
System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on
Conference_Location :
Waikoloa, HI
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2007.478