Sciweavers

HICSS
2007
IEEE

Security Ontologies: Improving Quantitative Risk Analysis

14 years 6 months ago
Security Ontologies: Improving Quantitative Risk Analysis
— IT-security has become a much diversified field and small and medium sized enterprises (SMEs), in particular, do not have the financial ability to implement a holistic IT-security approach. We thus propose a security ontology, to provide a solid base for an applicable and holistic IT-security approach for SMEs, enabling low-cost risk management and threat analysis. Based on the taxonomy of computer security and dependability by Landwehr [1], a heavy-weight ontology can be used to organize and systematically structure knowledge on threats, safeguards, and assets. Using this ontology, each threat scenario can be simulated with a different protection profile as to evaluate the effectiveness and the cost/benefit ratio of individual safeguards.
Andreas Ekelhart, Stefan Fenz, Markus D. Klemen, E
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where HICSS
Authors Andreas Ekelhart, Stefan Fenz, Markus D. Klemen, Edgar Weippl
Comments (0)