
Ontological Mapping of Information Security Best-Practice Guidelines

  • Conference paper
Business Information Systems (BIS 2009)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 21)


Abstract

Due to the rapid growth in the use of electronic data processing and networking, an information security management system with a holistic and widespread view is becoming more and more important for any kind of organization. The fundamental challenge for such systems is the representation and management of information security knowledge. While information security ontologies already exist, no methods have been proposed to map existing best-practice guidelines or information security standards to an existing ontology. Therefore, this paper presents a method for mapping the information security knowledge of the French EBIOS standard and the German IT Grundschutz Manual to an OWL-DL security ontology. Applying the introduced method makes it possible to reuse existing information security knowledge bases and to map them to open and standardized data structures that organizations and developers can easily reuse to support their existing information security management systems.




© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Fenz, S., Pruckner, T., Manutscheri, A. (2009). Ontological Mapping of Information Security Best-Practice Guidelines. In: Abramowicz, W. (eds) Business Information Systems. BIS 2009. Lecture Notes in Business Information Processing, vol 21. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01190-0_5


  • DOI: https://doi.org/10.1007/978-3-642-01190-0_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01189-4

  • Online ISBN: 978-3-642-01190-0

  • eBook Packages: Computer Science, Computer Science (R0)
