Security Ontologies: Improving Quantitative Risk Analysis

Ekelhart, Andreas; Fenz, Stefan; Klemen, Markus; Weippl, Edgar

doi:10.1109/hicss.2007.478

Cited by 66 publications

(54 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…First, we remind the reader that ontologies have previously been used to help augment use cases with semantic information in software development, computer security, and elearning [2,5,15]. Since these previous work showed that ontologies can help improve finding information, we introduce our first hypothesis: Hypothesis 1.…”

Section: Hypotheses Developmentmentioning

confidence: 99%

“…Ontologies have also been used to help augment use cases with semantic information in software development [2], computer security [5], and elearning [15]. These ontologies have been creating using various methods such as activity theory [11], simply extending existing ontologies [2,15], and extending taxonomies [5].…”

Section: Ontologies In Ismentioning

confidence: 99%

“…These ontologies have been creating using various methods such as activity theory [11], simply extending existing ontologies [2,15], and extending taxonomies [5].…”

Section: Ontologies In Ismentioning

confidence: 99%

See 2 more Smart Citations

An Ontological Approach to Misinformation: Quickly Finding Relevant Information

Hicks

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

Section: Hypotheses Developmentmentioning

confidence: 99%

Section: Ontologies In Ismentioning

confidence: 99%

See 1 more Smart Citation

An Ontological Approach to Misinformation: Quickly Finding Relevant Information

Hicks

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

“…However, it is based on some impractical assumptions. Ekelhart [9] uses security ontology to improve quantitative risk analysis and promote the common understanding of the involved risk factors. However, it is not sufficient to identify how these risk factors can contribute to the entire risk assessment process.…”

Section: Related Workmentioning

confidence: 99%

Probabilistic Risk Assessment for Security Requirements: A Preliminary Study

Lee

2011

2011 Fifth International Conference on Secure Software Integration and Reliability Improvement

View full text Add to dashboard Cite

-Risk assessment is a critical decision making process during the Security Certification and Accreditation (C&A) process. However, existing infrastructure-wide C&A processes in real world are challenged by the ever increasing complexity of information systems and their diverse socio-technical operational environments. The lack of an explicit model and the associated uncertainties of software behavior are two main reasons that directly impact the effectiveness of risk assessment as well as the subjective decisions made based on the different level of domain expertise. In this paper, we propose a method for a probabilistic modeldriven risk assessment on security requirements. The security requirements and their causal relationships are represented using MEBN (Multi-Entities Bayesian Networks) logic that constructs an explicit formal risk assessment model that supports evidence-driven arguments. The proposed approach is described by using real-world C&A scenarios to show not only its feasibility for security requirements risk assessment but also its effectiveness for the sensitivity analysis to identify critical influences among information entities in a complex and uncertain operational environment.

show abstract

“…Our prototype named AURUM 1 is based on previous work (cf. [20]- [23] for the concept of the security ontology and [24]- [26] for interactive decision support). Beside introducing this new risk management approach, we provide a comparison of AURUM with CRISAM 2 and the GSTool 3 and itemize for each step how our approach performs in terms of usability, time exposure for conducting the entire risk management process, completeness of the threat/vulnerability identification and the control recommendations, and the granularity of control implementation suggestions.…”

Section: Introductionmentioning

confidence: 99%

AURUM: A Framework for Information Security Risk Management

Ekelhart

Fenz

Neubauer

2009

2009 42nd Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Abstract-As companies are increasingly exposed to a variety of information security threats, they are permanently forced to pay attention to security issues. Risk management provides an effective approach for measuring the security through risk assessment, risk mitigation and evaluation. Existing risk management approaches are highly accepted but demand very detailed knowledge about the IT security domain and the actual company environment. This paper presents AURUM -a new methodology for supporting the NIST SP 800-30 risk management standard -and provides a comparison with the GSTool and CRISAM in order to highlight the benefits decision makers may expect when using AURUM.

show abstract

Security Ontologies: Improving Quantitative Risk Analysis

Cited by 66 publications

References 3 publications

An Ontological Approach to Misinformation: Quickly Finding Relevant Information

An Ontological Approach to Misinformation: Quickly Finding Relevant Information

Probabilistic Risk Assessment for Security Requirements: A Preliminary Study

AURUM: A Framework for Information Security Risk Management

Contact Info

Product

Resources

About