Security Ontology: Simulating Threats to Corporate Assets

Threat analysis and mitigation, both essential for corporate security, are time-consuming and complex, and demand expert knowledge. We present an approach for simulating threats to corporate assets that takes the entire infrastructure into account. Using this approach, effective countermeasures and their costs can be calculated quickly without expert knowledge, and subsequent security decisions will be based on objective criteria. The ontology used for the simulation is based on Landwehr's [ALRL04] taxonomy of computer security and dependability.

[1] Marc Donner, et al. Toward a Security Ontology, 2003, IEEE Secur. Priv.

[2] Carl E. Landwehr, et al. A taxonomy of computer program security flaws, 1993, CSUR.

[3] Algirdas Avizienis, et al. Basic Concepts and Taxonomy of Dependable and Secure Computing, 2004.

[4] Marc Donner. Hey, Robot!, 2003, IEEE Secur. Priv.

[5] Carl E. Landwehr, et al. Basic concepts and taxonomy of dependable and secure computing, 2004, IEEE Transactions on Dependable and Secure Computing.