Singhal, A.
and Singapogu, S.
(2012),
Security Ontologies for Modeling Enterprise Level Risk Assessment, ACSAC 2012 Works-in-Progess, Orlando, FL, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=918926
(Accessed April 16, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Security Ontologies for Modeling Enterprise Level Risk Assessment
Published
Author(s)
, Samuel Singapogu
Abstract
A unified formal knowledge model of information security domain is essential to support a risk management approach. IT Applications are increasingly exposed to a variety of information security threats. Often wrong decisions are made due to insufficient knowledge about the security domain, threats, possible countermeasures and the company's assets. In this paper, we have developed an Ontology for Modeling Enterprise Level Security Risk using RDF (Resource Description Framework) and OWL (Web Ontology Language). Knowledge of threats and corresponding countermeasures is integrated into this ontology framework. This ontology was applied to a test network for image management application and results are presented in this paper. The ontology was used to generate reports about enterprise level security. A unified formal knowledge model of information security domain is essential to supporting risk management.Proceedings Title
ACSAC 2012 Works-in-Progess
Conference Dates
December 3-7, 2012
Conference Location
Orlando, FL
Conference Title
2012 Annual Computer Security Applications Conference
Pub Type
Conferences
Download Paper
Keywords
countermeasures, OWL, security metrics, security risk, threats
Citation
Created December 7, 2012, Updated February 19, 2017