tral security concept and relations with its direct neighbors so as to be able to approach the IS security concepts from different views and perspectives.
Step 5 - Integration of the partial ontologies in a SO prototype; in this step we integrate each partial ontology perspective into a wider ontology and extend the model with additional attributes and rules, if any.
Step 6 - Refinement of vocabulary and normalization of the SO prototype; we revise the vocabulary and adjust concept attributes and relationships accordingly in order to avoid redundancies.
Step 7 - Evaluation and feedback; the integrated model representing the SO is evaluated qualitatively through discussion and interaction among the participating individuals.
If the developed SO is not satisfactory, then the process is repeated from Step 2.
3.3 Knowledge Extraction Mechanisms
As analyzed in section 3.1, a variety of diverse sources concerning security knowledge is available to the security expert. The security knowledge can be acquired through several sources, namely:
From high-level policy statements, which express the view of organization management on risk avoidance and mitigation issues, ideally aligned with business objectives and goals; for this task, information extraction tools with ontological support are used. Such information may be gathered through the use of tools and techniques such as [16], [17].
From widely accepted standards on security and assurance that act as a reference model and provide a best practice perspective; a container database for security requirements according to these standards is used (the "Security and Assurance Standards Database").
From system-specific information from the organization domain, thereby facilitating the linkage of the model with the real world. Such information will be gathered in two ways:
o From the infrastructure level through the use of system- and network-auditing tools and techniques such as Nmap [24] and NetStumbler [25]. These tools provide useful information for network mapping, identification of platforms and operating systems, available services and open ports;
o From the managerial level through dialog-based interfaces from the human owners of the system (e.g. justification of policy decisions in order to achieve the business objectives). In this case, the responsible individual enters the information through specific forms to provide the desired data. Typically, this kind of information refers to facts about business applications, such as custom services, open ports, etc.
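As an added illustration of the infrastructure-level extraction described above (not code from the paper), the following script maps Nmap XML output onto ontology instances. The concept and property names (so:Asset, so:Service, so:exposes, so:runsOS, so:listensOn) are assumed for the example, and the scan document is a constructed sample, not a real scan.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX format (not a real scan), trimmed to the
# elements the extraction needs: address, hostname, OS match, ports, services.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="db1.example.org" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
    </ports>
    <os><osmatch name="Linux 5.4" accuracy="96"/></os>
  </host>
</nmaprun>"""


def nmap_to_triples(xml_text):
    """Turn an Nmap XML document into (subject, predicate, object) assertions
    over the assumed ontology concepts Asset and Service."""
    triples = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # only live hosts become Asset instances
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        asset = f"asset:{addr}"
        triples.append((asset, "rdf:type", "so:Asset"))
        for hn in host.iter("hostname"):
            triples.append((asset, "so:hasHostname", hn.get("name")))
        osmatch = host.find("os/osmatch")  # platform identification, if fingerprinted
        if osmatch is not None:
            triples.append((asset, "so:runsOS", osmatch.get("name")))
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not exposed services
            service = port.find("service")
            svc_name = service.get("name", "unknown") if service is not None else "unknown"
            endpoint = f"{port.get('protocol')}/{port.get('portid')}"
            svc = f"service:{addr}:{endpoint}"
            triples.append((svc, "rdf:type", "so:Service"))
            triples.append((svc, "so:serviceName", svc_name))
            triples.append((svc, "so:listensOn", endpoint))
            triples.append((asset, "so:exposes", svc))
    return triples
```

The resulting triples are the raw material for the concept instantiation step; a managerial-level form entry (e.g. the justification for the mysql service) would attach to the same Service instance.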
The security knowledge extraction process is depicted in Figure 3. Although the detailed techniques for extracting the information from the aforesaid sources, as well as the process of instantiating the ontology concepts, are beyond the scope of this paper, an overview is provided in section 4.