Ontology- and Bayesian-based Threat Probability Determination

S. Fenz, A. Tjoa:
"Ontology- and Bayesian-based Threat Probability Determination";
Vortrag: Junior Scientist Conference 2008, Wien; 16.11.2008 - 18.11.2008; in:"Proceedings of the Junior Scientist Conference 2008", (2008), ISBN: 978-3-200-01612-5; S. 69 - 70.

[ Publication Database ]


Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy endangering the organization in performing its mission. To address the problem this research project proposes an ontology- and Bayesian-based approach for determining asset-specific and comprehensible threat probabilities. The elaborated concepts enable risk managers to comprehensibly quantify the current security status of their organization.