Formalizing information security knowledge

Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09

Volumn , Issue , 2009, Pages 183-194

  Fenz, Stefan ^a   Ekelhart, Andreas ^b  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b Secure Business Austria   (Austria)

Author keywords

Information security; Risk management; Security ontology

Indexed keywords

FORMAL KNOWLEDGE; INFORMATION SECURITY; KNOWLEDGE MODEL; ONTOLOGICAL STRUCTURES;

RISK MANAGEMENT;

ONTOLOGY;

EID: 74049147592     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1533057.1533084     Document Type: Conference Paper

References (42)

1. M. Aime, A. Atzeni, and P. Pomi. AMBRA: automated model-based risk analysis. In QoP '07: Proceedings of the 2007 ACM workshop on Quality of protection, pages 43-48, New York, NY, USA, 2007. ACM.
2. M. Alavi and D. E. Leidner. Review: Knowledge management and knowledge management systems: Conceptual foundations and research issues. MIS Quarterly, 25 (1):107-136, 2001.
3. A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing, 1 (1):11-33, January-March 2004.
4. F. Baader, D. Calvanese, D. McGuinness, D. Nardi, and P. Patel-Schneider. The Description Logic Handbook: Theory, Implementation and Applications. Cambridge University Press, January 2003.
5. F. Baader, I. Horrocks, and U. Sattler. Mechanizing Mathematical Reasoning, volume 2605/2005 of Lecture Notes in Computer Science, chapter Description Logics as Ontology Languages for the Semantic Web, pages 228-248. Springer Berlin/Heidelberg, 2005.
6. R. Baskerville. Information systems security design methods: Implications for information systems development. ACM Computing Surveys, 25 (4):375-414, December 1993.
7. M. Bishop. Computer security - art and science. Addison Wesley, 2003.
8. M. Bishop. What is computer security? IEEE Security and Privacy, 1 (1):67-69, 2003.
9. J. Brank, M. Grobelnik, and D. Mladenić. A survey of ontology evaluation techniques. In SIKDD 2005 at Multiconference IS 2005, 2005.
10. C. Brewster, H. Alani, S. Dasmahapatra, and Y. Wilks. Data driven ontology evaluation. In International Conference on Language Resources and Evaluation, 2004.
11. BSI. IT Grundschutz Manual, 2004.
12. V. K. Chaudhri, B. E. John, S. Mishra, J. Pacheco, B. Porter, and A. Spaulding. Enabling experts to build knowledge bases from science textbooks. In K-CAP '07: Proceedings of the 4th international conference on Knowledge capture, pages 159-166, New York, NY, USA, 2007. ACM.
13. DCSSI. EBIOS - Section 2 - Approach. February 2004.
14. G. Denker, L. Kagal, T. W. Finin, M. Paolucci, and K. P. Sycara. Security for DAML web services: Annotation and matchmaking. In International Semantic Web Conference, pages 335-350, 2003.
15. ENISA. Risk management: implementation principles and inventories for risk management/risk assessment methods and tools. Technical report, European Network and Information Security Agency, June 2006.
16. T. Gruber. Toward principles for the design of ontologies used for knowledge sharing. International Journal of Humam-Computer Studies, 43 (5-6):907-928, 1995.
17. A. Herzog, N. Shahmehri, and C. Duma. An ontology of information security. International Journal of Information Security and Privacy, 1 (4):1-23, October-December 2007.
18. I. Horrocks, P. Patel-Schneider, and F. van Harmelen. From SHIQ and RDF to OWL: The making of a web ontology language. Journal of Web Semantics, 1 (1):7-26, 2003.
19. ISO/IEC. ISO/IEC 27001:2005, Information technology - Security techniques - Information security management systems - Requirements, 2005.
20. P. Jrvinen. Research questions guiding selection of an appropriate research method. In Proceedings of the 8th European Conference on Information Systems, Trends in Information and Communication Systems for the 21st Century, ECIS 2000, Vienna, Austria, July 3-5, 2000, 2000.
21. C. Jung, I. Han, and B. Suh. Risk analysis for electronic commerce using case-based reasoning. International Journal of Intelligent Systems in Accounting, Finance & Management, 8:61-73, 1999.
22. M. Karyda, T. Balopoulos, L. Gymnopoulos, S. Kokolakis, C. Lambrinoudakis, S. Gritzalis, and S. Dritsas. An ontology for secure e-government applications. In ARES '06: Proceedings of the First International Conference on Availability, Reliability and Security (ARES'06), pages 1033-1037, Washington, DC, USA, 2006. IEEE Computer Society.
23. S. Kesh and P. Ratnasingam. A knowledge architecture for it security. Communications of the ACM, 50 (7):103-108, 2007.
24. A. Kim, J. Luo, and M. Kang. Security ontology for annotating resources. In OTM Conferences (2), pages 1483-1499, 2005.
25. R. Likert. A technique for the measurement of attitudes. Archives of Psychology, 140:1-55, 1932.
26. L. A. F. Martimiano and E. dos Santos Moreira. An OWL-based security incident ontology, 2005.
27. D. J. McManus and C. A. Snyder. Synergy between data warehousing and knowledge management; three industries reviewed. International Journal of Information Technology and Management, 2 (1-2):85-99, 2003.
28. NIST. An Introduction to Computer Security - The NIST Handbook. Technical report, NIST (National Institute of Standards and Technology), October 1995. Special Publication 800-12.
29. C. Patel, K. Supekar, Y. Lee, and E. Park. Ontokhoj: a semantic web portal for ontology searching, ranking and classification. In WIDM '03: Proceedings of the 5th ACM international workshop on Web information and data management, pages 58-61, New York, NY, USA, 2003. ACM Press.
30. T. Peltier. Information Security Risk Analysis. Auerbach Publications, Boca Raton, Florida, 2001. ISBN: 0-8493-0880-1.
31. PITAC. Cyber security: A crisis of prioritization - report to the president. Technical report, President's Information Technology Advisory Committee, February 2005.
32. V. Raskin, C. F. Hempelmann, K. E. Triezenberg, and S. Nirenburg. Ontology in information security: a useful theoretical foundation and methodological tool. In NSPW '01: Proceedings of the 2001 workshop on New security paradigms, pages 53-59, New York, NY, USA, 2001. ACM Press.
33. M. Schumacher. Security Engineering with Patterns - Origins, Theoretical Model, and New Applications. Springer, 2003.
34. R. Shirey. RFC 2828 - internet security glossary, May 2000.
35. S. Smith and E. Spafford. Grand challenges in information security: Process and output. IEEE Security & Privacy, 2 (1):69-71, 2004.
36. G. Stoneburner, A. Goguen, and A. Feringa. Risk management guide for information technology systems. NIST Special Publication 800-30, National Institute of Standards and Technology (NIST), Gaithersburg, MD 20899-8930, July 2002.
37. D. Straub and R. Welke. Coping with systems risk: Security planning models for management decision making. MIS Quarterly, 22 (4):441-469, December 1998.
38. United Nations. United Nations Standard Products and Services Code, 2006.
39. M. Uschold and M. Grninger. Ontologies: Principles, methods and applications. Knowledge Engineering Review, 11 (2):93-155, 1996.
40. W3C. OWL - web ontology language, February 2004.
41. W3C. SPARQL - query language for RDF, 2007.
42. M. Whitman. Enemy at the gate: threats to information security. Communications of the ACM, 46 (8):91-95, 2003.