Security Ontologies: A Systematic Literature Review
2022 (English)In: Lecture Notes In Computer Science: 26th International Conference on Enterprise Design, Operations, and Computing, EDOC 2022, Springer Science and Business Media Deutschland GmbH , 2022, p. 36-53Conference paper, Published paper (Refereed)
Abstract [en]
Security ontologies have been developed to facilitate the organization and management of security knowledge. A comparison and evaluation of how these ontologies relate to one another is challenging due to their structure, size, complexity, and level of expressiveness. Differences between ontologies can be found on both the ontological and linguistic levels, resulting in errors and inconsistencies (i.e., different concept hierarchies, types of concepts, definitions) when comparing and aligning them. Moreover, many concepts related to security ontologies have not been thoroughly explored and do not fully meet security standards. By using standards, we can ensure that concepts and definitions are unified and coherent. In this study, we address these deficiencies by reviewing existing security ontologies to identify core concepts and relationships. The primary objective of the systematic literature review is to identify core concepts and relationships that are used to describe security issues. We further analyse and map these core concepts and relationships to five security standards (i.e., NIST SP 800-160, NIST SP 800-30 rev.1, NIST SP 800-27 rev.A, ISO/IEC 27001 and NISTIR 8053). As a contribution, this paper provides a set of core concepts and relationships that comply with the standards mentioned above and allow for a new security ontology to be developed.
Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH , 2022. p. 36-53
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 13585 LNCS
Keywords [en]
Concepts, Ontologies, Relationships, Security ontology, Security standards, ISO Standards, Concept, Concept hierarchies, Ontology's, Organization and management, Relationship, Security ontologies, Size complexity, Structure sizes, Systematic literature review, Ontology
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-60551DOI: 10.1007/978-3-031-17604-3_3ISI: 000893215100003Scopus ID: 2-s2.0-85140464807ISBN: 9783031176036 (print)OAI: oai:DiVA.org:mdh-60551DiVA, id: diva2:1708201
Conference
26th International Conference on Enterprise Design, Operations, and Computing, EDOC 2022, Bozen-Bolzano, Italy, 3-7 October, 2022
2022-11-032022-11-032023-08-16Bibliographically approved