Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Ontologies for Modeling Enterprise Level Risk Assessment

Published

Author(s)

Anoop Singhal, Samuel Singapogu

Abstract

A unified formal knowledge model of information security domain is essential to support a risk management approach. IT Applications are increasingly exposed to a variety of information security threats. Often wrong decisions are made due to insufficient knowledge about the security domain, threats, possible countermeasures and the company's assets. In this paper, we have developed an Ontology for Modeling Enterprise Level Security Risk using RDF (Resource Description Framework) and OWL (Web Ontology Language). Knowledge of threats and corresponding countermeasures is integrated into this ontology framework. This ontology was applied to a test network for image management application and results are presented in this paper. The ontology was used to generate reports about enterprise level security. A unified formal knowledge model of information security domain is essential to supporting risk management.
Proceedings Title
ACSAC 2012 Works-in-Progess
Conference Dates
December 3-7, 2012
Conference Location
Orlando, FL
Conference Title
2012 Annual Computer Security Applications Conference

Keywords

countermeasures, OWL, security metrics, security risk, threats

Citation

Singhal, A. and Singapogu, S. (2012), Security Ontologies for Modeling Enterprise Level Risk Assessment, ACSAC 2012 Works-in-Progess, Orlando, FL, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=918926 (Accessed December 4, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created December 7, 2012, Updated February 19, 2017