Published in: Arabian Journal for Science and Engineering 8/2020

23.04.2020 | Research Article-Computer Engineering and Computer Science

An Ontology-Based Security Risk Management Model for Information Systems

Written by: Oluwasefunmi T. Arogundade, Adebayo Abayomi-Alli, Sanjay Misra


Abstract

Security risk management is a knowledge-intensive procedure that requires monitoring and capturing relevant information that can assist managers in making the right decision. In this paper, a semantically enhanced model for security management during the information system lifetime is proposed. The model supports the continuous collection of identified threat behaviours from the intrusion detection system, the filtering and analysis of the threats within a time snapshot, and the re-appraisal of IS security countermeasures, which involves the security administrator (S-Admin), managers, IS and security management system as stakeholders. The probe agent categorizes the security threats identified by the IDS using the developed ontology-driven knowledge base, while the likelihood of threats occurring in real time is obtained using long-term frequency probability. The case-based reasoning paradigm is employed for the security solution reasoning of identified threat risk. The suggested security solutions are based on a CASE base built on the existing threat ontology. The re-appraiser is based on the success likelihood of potential ongoing threats. The system facilitates management decisions with regard to security control selection so that managers can achieve a maximum Return on Security Investment. The proposed Collect–Probe–Analyse–Reason–Reappraise model is illustrated using an e-banking system.


Metadata
Title
An Ontology-Based Security Risk Management Model for Information Systems
Written by
Oluwasefunmi T. Arogundade
Adebayo Abayomi-Alli
Sanjay Misra
Publication date
23.04.2020
Publisher
Springer Berlin Heidelberg
Published in
Arabian Journal for Science and Engineering / Issue 8/2020
Print ISSN: 2193-567X
Electronic ISSN: 2191-4281
DOI
https://doi.org/10.1007/s13369-020-04524-4
