Towards the Ontology of ISO/IEC 27005: 2011 Risk Management Standard

The purpose of this paper is to present a way to manage the concepts of the ISO/IEC 27005:2011 standard so that different stakeholders can access and understand them without distorting their meaning. The paper presents an ontology that structures and organizes the core concepts of the risk assessment phase of ISO/IEC 27005:2011. The ontology was developed by following a seven-step guideline. A case scenario of a health clinic is developed to apply the proposed ontology, and each entity and relation of the ontology is described in that scenario. The paper provides a reference point for professionals and researchers by presenting an ontology that describes the concepts of ISO/IEC 27005:2011 in the field of information security risk management.
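As an added illustration of what such an ontology can do in practice (this is not code from the paper, and the class set, relations, 1..5 rating scales and Low/Medium/High thresholds are my own assumptions, not the paper's ontology), the following Python sketch models the core risk-assessment concepts of ISO/IEC 27005 (asset, vulnerability, threat, control) as a typed triple store with domain/range constraints, populates it with a constructed health-clinic scenario, and walks the asset -> vulnerability -> threat chains to estimate and rank risks:

```python
"""Toy ontology of ISO/IEC 27005 risk-assessment concepts (added example).

Classes, relations, 1..5 rating scales and risk-level thresholds are
assumptions made for illustration; they are not the paper's ontology.
"""

# Classes of the illustrative ontology (assumed set).
CLASSES = {"Asset", "Threat", "Vulnerability", "Control"}

# Relations with the (domain, range) classes they may connect. Enforcing
# domain and range is what stops instance data from asserting nonsense
# such as an Asset being "exploitedBy" a Control.
RELATIONS = {
    "hasVulnerability": ("Asset", "Vulnerability"),
    "exploitedBy": ("Vulnerability", "Threat"),
    "mitigatedBy": ("Vulnerability", "Control"),
}


class Ontology:
    """Typed triple store: each individual has a class and an optional 1..5 rating."""

    def __init__(self):
        self.types = {}       # individual -> class
        self.ratings = {}     # individual -> rating (value, likelihood or reduction)
        self.triples = set()  # (subject, relation, object)

    def add(self, name, cls, rating=None):
        if cls not in CLASSES:
            raise ValueError(f"unknown class {cls!r}")
        if rating is not None and not 1 <= rating <= 5:
            raise ValueError("ratings use a 1..5 scale")
        self.types[name] = cls
        if rating is not None:
            self.ratings[name] = rating
        return name

    def can_relate(self, subject, relation, obj):
        """True if the triple respects the relation's domain and range."""
        dom, rng = RELATIONS[relation]
        return self.types.get(subject) == dom and self.types.get(obj) == rng

    def relate(self, subject, relation, obj):
        if not self.can_relate(subject, relation, obj):
            raise TypeError(f"{subject} -{relation}-> {obj} violates domain/range")
        self.triples.add((subject, relation, obj))

    def objects(self, subject, relation):
        return sorted(o for s, r, o in self.triples if s == subject and r == relation)

    def individuals(self, cls):
        return [n for n, c in self.types.items() if c == cls]


def risk_level(score):
    """Map a likelihood x consequence product (1..25) to a level (assumed thresholds)."""
    if score <= 5:
        return "Low"
    if score <= 12:
        return "Medium"
    return "High"


def assess(onto):
    """Identify and estimate risks by walking Asset -> Vulnerability -> Threat chains.

    likelihood = threat rating minus the reductions of controls mitigating the
    vulnerability (floored at 1); consequence = the asset's value rating.
    """
    risks = []
    for asset in onto.individuals("Asset"):
        for vuln in onto.objects(asset, "hasVulnerability"):
            reduction = sum(onto.ratings[c] for c in onto.objects(vuln, "mitigatedBy"))
            for threat in onto.objects(vuln, "exploitedBy"):
                likelihood = max(1, onto.ratings[threat] - reduction)
                consequence = onto.ratings[asset]
                score = likelihood * consequence
                risks.append({"asset": asset, "vulnerability": vuln, "threat": threat,
                              "likelihood": likelihood, "consequence": consequence,
                              "score": score, "level": risk_level(score)})
    # Risk evaluation step: rank so the highest risk is treated first.
    return sorted(risks, key=lambda r: r["score"], reverse=True)


def clinic_scenario():
    """Constructed health-clinic instance data (not the paper's case)."""
    o = Ontology()
    o.add("PatientRecordsDB", "Asset", rating=5)       # asset value
    o.add("ReceptionWorkstation", "Asset", rating=2)
    o.add("UnpatchedDBServer", "Vulnerability")
    o.add("SharedReceptionLogin", "Vulnerability")
    o.add("NoScreenLock", "Vulnerability")
    o.add("Ransomware", "Threat", rating=4)            # likelihood before controls
    o.add("UnauthorizedStaffAccess", "Threat", rating=3)
    o.add("ShoulderSurfing", "Threat", rating=3)
    o.add("PatchManagement", "Control", rating=2)      # likelihood reduction
    o.add("IndividualAccounts", "Control", rating=2)
    o.relate("PatientRecordsDB", "hasVulnerability", "UnpatchedDBServer")
    o.relate("PatientRecordsDB", "hasVulnerability", "SharedReceptionLogin")
    o.relate("ReceptionWorkstation", "hasVulnerability", "NoScreenLock")
    o.relate("UnpatchedDBServer", "exploitedBy", "Ransomware")
    o.relate("SharedReceptionLogin", "exploitedBy", "UnauthorizedStaffAccess")
    o.relate("NoScreenLock", "exploitedBy", "ShoulderSurfing")
    o.relate("UnpatchedDBServer", "mitigatedBy", "PatchManagement")
    o.relate("SharedReceptionLogin", "mitigatedBy", "IndividualAccounts")
    return o


if __name__ == "__main__":
    for r in assess(clinic_scenario()):
        print(f"{r['level']:6} {r['score']:2}  {r['asset']} / {r['vulnerability']} / {r['threat']}")
```

The point of the domain/range table is the one the abstract is getting at: once the relations are typed, every stakeholder populating the model is held to the same meaning of "asset", "threat" and "vulnerability", and a malformed statement is rejected at entry rather than surfacing as a misleading risk score later.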