Skip to main content

Ontologies for information security management and governance

Buy Article:

$38.33 plus tax (Refund Policy)

Purpose ‐ This paper aims to show the difficulties involved in dealing with the quantity, diversity and the lack of semantics security information. It seeks to propose the use of ontologies to tackle the problem. Design/methodology/approach ‐ The paper describes the general methodology to create security ontologies and illustrates the case with the design and validation of two ontologies: system vulnerabilities and security incidents. Findings ‐ Two examples of ontologies, one related to systems vulnerability and the other related to security incidents (designed to illustrate this proposal) are described. The portability/reusability propriety is demonstrated, inferring that the information structured at lower levels (by security management tools and people) can be successfully used and understood at higher levels (by security governance tools and people). Research limitations/implications ‐ Work in the area of managing privacy policies, risk assessment and mitigation management, as well as CRM, business alignment and business intelligence, could be greatly eased by using an ontology to properly define the concepts involved in the area. Practical implications ‐ Ontologies can facilitate the interoperability among different security tools, creating a unique way to represent security data and allow the security data from any security tool (for instance, Snort) to be mapped into an ontology, such as the security incident one described in the paper. An example showing how the two ontologies could be plugged into a high level decision-making system is described at the end. Originality/value ‐ Although several previous papers examined the value of using ontologies to represent security information, this one looks at their properties for a possible integrated use of management and governance tools.
No Reference information available - sign in for access.
No Citation information available - sign in for access.
No Supplementary Data.
No Article Media
No Metrics

Keywords: Data security; Governance; Knowledge management

Document Type: Research Article

Publication date: 2008-06-06

  • Access Key
  • Free content
  • Partial Free content
  • New content
  • Open access content
  • Partial Open access content
  • Subscribed content
  • Partial Subscribed content
  • Free trial content
Cookie Policy
Cookie Policy
Ingenta Connect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more