Formalizing information security knowledge

S. Fenz, A. Ekelhart:
"Formalizing information security knowledge";
Vortrag: ACM Symposium on Information, Computer&Communication Security (ASIACCS 2009), Sydney, Australia; 10.03.2009 - 12.03.2009; in:"Proceedings of the 2009 ACM symposium on Information, computer and communications security", (2009), S. 183 - 194.

[ Publication Database ]

Abstract:


Unified and formal knowledge models of the information security domain are fundamental requirements for supporting and enhancing existing risk management approaches. This paper describes a security ontology which provides an ontological structure for information security domain knowledge. Besides existing best-practice guidelines such as the German IT Grundschutz Manual also concrete knowledge of the considered organization is incorporated. An evaluation conducted by an information security expert team has shown that this knowledge model can be used to support a broad range of information security risk management approaches.