Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/mapping-information-security-standard-iso-27002-to-an-ontological-0TNmh4RMCO
References (18)
-
K. Arbanas, M. Cubrilo (2015)
Ontology in Information SecurityJournal of information and organizational sciences, 39
-
Maria Karyda, Theodoros Balopoulos, L. Gymnopoulos, S. Kokolakis, C. Lambrinoudakis, S. Gritzalis, S. Dritsas (2006)
An ontology for secure e-government applicationsFirst International Conference on Availability, Reliability and Security (ARES'06)
-
Stefan Fenz, G. Goluch, Andreas Ekelhart, Bernhard Riedl, E. Weippl (2007)
Information Security Fortification by Ontological Mapping of the ISO/IEC 27001 Standard13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)
-
G. Denker, Lalana Kagal, Timothy Finin, M. Paolucci, K. Sycara (2003)
Security for DAML Web Services: Annotation and Matchmaking -
Protégé Project , Protégé , ? ? ? ? -
(2003)
Security Engineering with Patterns - Origins -
Amina Souag, R. Mazo, C. Salinesi, I. Comyn-Wattiau (2015)
Reusable knowledge in security requirements engineering: a systematic mapping studyRequirements Engineering, 21
-
Ludovic Courtès, Ossama Hamouda, M. Kaâniche, M. Killijian, D. Powell (2007)
Dependability Evaluation of Cooperative Backup Strategies for Mobile Devices13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007)
-
Stefan Fenz, Thomas Pruckner, Arman Manutscheri (2009)
Ontological Mapping of Information Security Best-Practice Guidelines -
Stefan Fenz (2010)
Ontology-based generation of IT-security metrics -
Anya Kim, Jim Luo, Myong Kang (2005)
Security Ontology for Annotating Resources -
(2008)
Ontology (Computer Science -
V. Raskin, Christian Hempelmann, Katrina Triezenberg, S. Nirenburg (2001)
Ontology in information security: a useful theoretical foundation and methodological tool -
日本規格協会 (2013)
情報技術-セキュリティ技術-情報セキュリティ管理策の実践のための規範 : ISO/IEC 27002 = Information technology-Security techniques-Code of practice for information security controls : ISO/IEC 27002 -
Andreas Ekelhart, Stefan Fenz, G. Goluch, E. Weippl (2007)
Ontological Mapping of Common Criteria's Security Assurance Requirements -
An ontology of information security
International Journal of Information Security and Privacy, 1
-
A. Avizienis, J. Laprie, B. Randell, C. Landwehr (2004)
Basic concepts and taxonomy of dependable and secure computingIEEE Transactions on Dependable and Secure Computing, 1
-
Stefan Fenz, Andreas Ekelhart (2009)
Formalizing information security knowledge
- Publisher
- Emerald Publishing
- Copyright
- Copyright © Emerald Group Publishing Limited
- ISSN
- 2056-4961
- DOI
- 10.1108/ICS-07-2015-0030
- Publisher site
- See Article on Publisher Site
Abstract
PurposeThe purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and the current businesses face frequent attacks on their infrastructure, enterprises need support at protecting their information-based assets.Design/methodology/approachInformation security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the efforts to check whether the implemented measures of an organization adhere to the proposed standards and guidelines are still significantly high.FindingsThis paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization’s assets.Originality/valueThe authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.
Journal
Information and Computer Security – Emerald Publishing
Published: Nov 14, 2016