What are Information Security Ontologies Useful for?

The engineering of ontologies in the information security domain have received some degree of attention in past years. Concretely, the use of ontologies has been proposed as a solution for a diversity of tasks related to that domain, from the modelling of cyber-attacks to easing the work of auditors or analysts. This has resulted in ontology artefacts, degrees of representation and ontological commitments of a diverse nature. In this paper, a selection of recent research in the area is categorized according to their purpose or application, highlighting their main commonalities. Then, an assessment of the current status of development in the area is provided, in an attempt to sketch a future roadmap for further research. The literature surveyed shows different levels of analysis, from the more conceptual to the more low-level, protocol-oriented, and also diverse levels of readiness for practice. Further, several of the works found use existing standardized, community-curated databases as sources for ontology population, which points out to a need to use these as a baseline for future research, adding ontology-based functionalities for those capabilities not directly supported by them.