Security Ontology: Simulating Threats to Corporate Assets

M. Klemen,E. Weippl, A. Ekelhart, S. Fenz:
"Security Ontology: Simulating Threats to Corporate Assets";
Vortrag: ICISS 2006, Calcutta; 19.12.2006 - 21.12.2006; in:"Proceedings of the 2nd International Conference on Information Systems Security(ICISS 2006)", Springer, (2006), ISBN: 3-540-68962-1; S. 249 - 259.

[ Publication Database ]

Abstract:


Threat analysis and mitigation, both essential for corporate security, are time consuming, complex and demand expert knowledge. We present an approach for simulating threats to corporate assets, taking the entire infrastructure into account. Using this approach effective countermeasures and their costs can be calculated quickly without expert knowledge and a subsequent security decisions will be based on objective criteria. The ontology used for the simulation is based on Landwehr´s [ALRL04] taxonomy of computer security and dependability.