论文信息 - Ontologies for modeling enterprise level security metrics

Ontologies for modeling enterprise level security metrics

Currently, it is difficult to answer simple questions such as "are we more secure than yesterday" or "how should we invest our limited security budget." Decision makers in other areas of business and engineering often use metrics for determining whether a projected return on investment justifies its costs. Spending for new cyber-security measures is such an investment. Therefore, security metrics [1] that can quantify the overall risk in an enterprise system are essential in making sensible decisions in security management.

Duminda Wijesekera | Anoop Singhal

[1] Myong H. Kang,et al. Security Ontology for Annotating Resources , 2005, OTM Conferences.

[2] Anupam Joshi,et al. Modeling Computer Attacks: An Ontology for Intrusion Detection , 2003, RAID.

[3] Pete Sawyer,et al. Revisiting Ontology-Based Requirements Engineering in the age of the Semantic Web , 2006 .

[4] Timothy W. Finin,et al. Security in the Semantic Web using OWL , 2005, Inf. Secur. Tech. Rep..

[5] Deborah L. McGuinness,et al. OWL Web ontology language overview , 2004 .

[6] Andrew Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt , 2007 .