Ontological Mapping of Information Security Best-Practice Guidelines

S. Fenz, T. Pruckner, A. Manutscheri:
"Ontological Mapping of Information Security Best-Practice Guidelines";
Talk: 12th International Conference on Business Information Systems, BIS 2009, Poznan, Poland; 27.04.2009 - 29.04.2009; in: "Proceedings of the 12th International Conference on Business Information Systems", (2009), pp. 49 - 60.

Abstract:


Due to a rapid growth in the use of electronic data processing and networking, an information security management system with a holistic and widespread view becomes more and more important for any kind of organization. The fundamental challenge for such systems is the representation and management of information security knowledge. While information security ontologies already exist, no methods have been proposed to map existing best-practice guidelines or information security standards to an existing ontology. Therefore, this paper presents a method for mapping the information security knowledge of the French EBIOS standard and the German IT Grundschutz Manual to an OWL-DL security ontology. Applying the introduced method makes it possible to reuse existing information security knowledge bases and to map them to open and standardized data structures which can be easily reused by organizations and developers to support their existing information security management systems.