Journal of Applied Science and Engineering

Published by Tamkang University Press


Fong-Hao Liu1 and Wei-Tsong Lee2

1Information Management Graduated School, National Defense Management College, National Defense University, Taipei, Taiwan 112, R.O.C.
2Department of Electrical Engineering, Tamkang University, Tamsui, Taiwan 251, R.O.C.


 

Received: January 8, 2010
Accepted: March 3, 2010
Publication Date: March 3, 2010

DOI: https://doi.org/10.6180/jase.2010.13.1.09


ABSTRACT


Along with the development of information technology and the Internet, many modern technical methods and tools are now used in management. Information security risk management is therefore an important topic of discussion. In this paper, we bring up an ontology structure for information security risk management, in which an ontology-based UPML approach is proposed. It is composed of three parts: Domain ontology, Task ontology, and Resolution ontology. This structure is established with Protégé 3.1, and its purpose is to adopt ontology technology early, so that expert knowledge in intrusion detection, network safety techniques, security policies, etc. can be modeled, stored, shared, and later queried.


Keywords: Ontology, Information Security, Risk Management, Propose and Revise

