An Ontology-Based Approach for Constructing Bayesian Networks
Bayesian networks are commonly used for determining the probability of events that are influenced by various variables. Bayesian probabilities encode degrees of belief about certain events, and a dynamic knowledge body is used to strengthen, update, or weaken these assumptions. The creation of Bayesian networks…
Increasing Knowledge Capturing Efficiency by Enterprise Portals
www.emeraldinsight.com/journals.htm Collaborative ontology editing tools enable distributed user groups to build and maintain ontologies. Enterprises that use these tools to simply capture knowledge for a given ontological structure face the following problems: isolated software solution requiring its own user management; the user interface often does…
Information Security Automation: How Far Can We Go?
ieeexplore.ieee.org/xpl/articleDetails.jsp Information security management is a very complex task which involves the implementation and monitoring of more than 130 security controls. To achieve greater efficiency in this process it is necessary to automate as many controls as possible. This paper provides an analysis of how…
A Community Knowledge Base for IT Security
dx.doi.org/10.1109/MITP.2011.35 Corporate IT security managers have a difficult time staying on top of the endless tide of new technologies and security threats sweeping into their organizations and information systems. The effectiveness of security controls must be balanced with a variety of operational issues, including the…
Information Security Risk Management: In which Security Solutions is it worth Investing?
As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk…
An Ontology- and Bayesian-Based Approach for Determining Threat Probabilities
Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy…
Ontology-Based Decision Support for Information Security Risk Management
As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major…
Verification, Validation, and Evaluation in Information Security Risk Management
Over the last four decades, various information security risk management (ISRM) approaches have emerged. However, there is a lack of sound verification, validation, and evaluation methods for these approaches. While restrictions, such as the impossibility of measuring exact values for probabilities and follow-up costs,…
Ontology-Based Generation of IT-Security Metrics
Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been developed, a methodology for automatically generating ISO 27001-based IT-security metrics based on concrete organization-specific control implementation knowledge is missing. Based on the security…
Workshop-Based Security Safeguard Selection with AURUM
Organizations are increasingly exposed to manifold threats concerning the security of their valuable business processes. Due to the increasing damage potential, decision makers are permanently forced to pay attention to security issues and are raising their security investments, but often (i) without considering the…