Security Ontology: Simulating Threats to Corporate Assets

Ekelhart, Andreas; Fenz, Stefan; Klemen, Markus D.; Weippl, Edgar R.

doi:10.1007/11961635_17

Andreas Ekelhart¹⁸,
Stefan Fenz¹⁸,
Markus D. Klemen¹⁸ &
…
Edgar R. Weippl¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4332))

Included in the following conference series:

International Conference on Information Systems Security

1080 Accesses
16 Citations

Abstract

Threat analysis and mitigation, both essential for corporate security, are time consuming, complex and demand expert knowledge. We present an approach for simulating threats to corporate assets, taking the entire infrastructure into account. Using this approach effective countermeasures and their costs can be calculated quickly without expert knowledge and a subsequent security decisions will be based on objective criteria. The ontology used for the simulation is based on Landwehr’s [ALRL04] taxonomy of computer security and dependability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.E.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Sec. Comput. 1(1), 11–33 (2004)
Article Google Scholar
It-grundschutzhandbuch (2004), http://www.bsi.de/gshb/deutsch/download/GSHB2004.pdf
Cobit (2006), http://www.isaca.org/
Donner, M.: Toward a security ontology. IEEE Security and Privacy 1(3), 6–7 (2003)
Google Scholar
eclass (2006), http://www.eclass.de/
Gómez-Pérez, A., Fernández-López, M., Corcho, O.: Ontological Engineering, 1st edn. Springer, London (2004)
Google Scholar
Iso17799 (2006), http://www.iso.org/
Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A taxonomy of computer program security flaws. ACM Comput. Surv. 26(3), 211–254 (1994)
Article Google Scholar
Owl web ontology language (2004), http://www.w3.org/TR/owl-features/
The protege ontology editor and knowledge acquisition system (2005), http://protege.stanford.edu/

Download references

Author information

Authors and Affiliations

Secure Business Austria — Security Research, Favoritenstraße 16, A-1040, Vienna, Austria
Andreas Ekelhart, Stefan Fenz, Markus D. Klemen & Edgar R. Weippl

Authors

Andreas Ekelhart
View author publications
You can also search for this author in PubMed Google Scholar
Stefan Fenz
View author publications
You can also search for this author in PubMed Google Scholar
Markus D. Klemen
View author publications
You can also search for this author in PubMed Google Scholar
Edgar R. Weippl
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Indian Statistical Institute, Computer and Statistical Service Center, 203, B.T. Road, 700108, Kolkata, India
Aditya Bagchi
MSIS Department and CIMIC, Rutgers University, USA
Vijayalakshmi Atluri

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ekelhart, A., Fenz, S., Klemen, M.D., Weippl, E.R. (2006). Security Ontology: Simulating Threats to Corporate Assets. In: Bagchi, A., Atluri, V. (eds) Information Systems Security. ICISS 2006. Lecture Notes in Computer Science, vol 4332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11961635_17

Download citation

DOI: https://doi.org/10.1007/11961635_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68962-1
Online ISBN: 978-3-540-68963-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics