Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Security Ontology: Simulating Threats to Corporate Assets

  • Conference paper
Information Systems Security (ICISS 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4332))

Included in the following conference series:

Abstract

Threat analysis and mitigation, both essential for corporate security, are time consuming, complex and demand expert knowledge. We present an approach for simulating threats to corporate assets, taking the entire infrastructure into account. Using this approach effective countermeasures and their costs can be calculated quickly without expert knowledge and a subsequent security decisions will be based on objective criteria. The ontology used for the simulation is based on Landwehr’s [ALRL04] taxonomy of computer security and dependability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.E.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Sec. Comput. 1(1), 11–33 (2004)

    Article  Google Scholar 

  2. It-grundschutzhandbuch (2004), http://www.bsi.de/gshb/deutsch/download/GSHB2004.pdf

  3. Cobit (2006), http://www.isaca.org/

  4. Donner, M.: Toward a security ontology. IEEE Security and Privacy 1(3), 6–7 (2003)

    Google Scholar 

  5. eclass (2006), http://www.eclass.de/

  6. Gómez-Pérez, A., Fernández-López, M., Corcho, O.: Ontological Engineering, 1st edn. Springer, London (2004)

    Google Scholar 

  7. Iso17799 (2006), http://www.iso.org/

  8. Landwehr, C.E., Bull, A.R., McDermott, J.P., Choi, W.S.: A taxonomy of computer program security flaws. ACM Comput. Surv. 26(3), 211–254 (1994)

    Article  Google Scholar 

  9. Owl web ontology language (2004), http://www.w3.org/TR/owl-features/

  10. The protege ontology editor and knowledge acquisition system (2005), http://protege.stanford.edu/

Download references

Author information

Authors and Affiliations

  1. Secure Business Austria — Security Research, Favoritenstraße 16, A-1040, Vienna, Austria

    Andreas Ekelhart, Stefan Fenz, Markus D. Klemen & Edgar R. Weippl

Authors
  1. Andreas Ekelhart
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefan Fenz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Markus D. Klemen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Edgar R. Weippl
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Indian Statistical Institute, Computer and Statistical Service Center, 203, B.T. Road, 700108, Kolkata, India

    Aditya Bagchi

  2. MSIS Department and CIMIC, Rutgers University, USA

    Vijayalakshmi Atluri

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ekelhart, A., Fenz, S., Klemen, M.D., Weippl, E.R. (2006). Security Ontology: Simulating Threats to Corporate Assets. In: Bagchi, A., Atluri, V. (eds) Information Systems Security. ICISS 2006. Lecture Notes in Computer Science, vol 4332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11961635_17

Download citation

  • DOI: https://doi.org/10.1007/11961635_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68962-1

  • Online ISBN: 978-3-540-68963-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation