{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,20]],"date-time":"2026-06-20T03:19:22Z","timestamp":1781925562899,"version":"3.54.5"},"publisher-location":"Cham","reference-count":67,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319565347","type":"print"},{"value":"9783319565354","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-56535-4_17","type":"book-chapter","created":{"date-parts":[[2017,3,27]],"date-time":"2017-03-27T21:34:36Z","timestamp":1490650476000},"page":"166-173","source":"Crossref","is-referenced-by-count":8,"title":["A Survey of Security Assessment Ontologies"],"prefix":"10.1007","author":[{"given":"Ferrucio","family":"de Franco Rosa","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mario","family":"Jino","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2017,3,28]]},"reference":[{"key":"17_CR1","unstructured":"Barros, C.P., de, Franco Rosa, F., Balc\u00e3o Filho, A.F.: Software testing with emphasis on finding security defects. In: IADIS - The 12th International Conference on WWW\/Internet, pp. 226\u2013228 (2013)"},{"key":"17_CR2","doi-asserted-by":"crossref","unstructured":"Tsoumas, B., Gritzalis, D.: Towards an ontology-based security management. In: Proceedings of the International Conference on Advanced Information Networking and Applications AINA, vol. 1, pp. 985\u2013990 (2006)","DOI":"10.1109\/AINA.2006.329"},{"key":"17_CR3","first-page":"21","volume":"49","author":"P Salini","year":"2012","unstructured":"Salini, P., Kanmani, S.: A knowledge-oriented approach to security requirements engineering for E-voting system. Int. J. Comput. Appl. 49, 21\u201325 (2012)","journal-title":"Int. J. Comput. Appl."},{"key":"17_CR4","doi-asserted-by":"crossref","unstructured":"Gartner, S., Ruhroth, T., Burger, J., Schneider, K., Jurjens, J.: Maintaining requirements for long-living software systems by incorporating security knowledge. In: 2014 IEEE 22nd International Requirements Engineering Conference, pp. 103\u2013112 (2014)","DOI":"10.1109\/RE.2014.6912252"},{"key":"17_CR5","unstructured":"The MITRE Corporation: Common Vulnerabilities and Exposures (CVE) (2015)"},{"key":"17_CR6","doi-asserted-by":"crossref","unstructured":"Wita, R., Jiamnapanon, N., Teng-amnuay, Y.: An ontology for vulnerability lifecycle. In: 3rd International Symposium on Intelligent Information Technology and Security Informatics, IITSI 2010, pp. 553\u2013557 (2010)","DOI":"10.1109\/IITSI.2010.141"},{"key":"17_CR7","unstructured":"NIST - US National Institute of Standards and Technology: NVD CVSS - Common Vulnerability Scoring System Support v2 (2015)"},{"key":"17_CR8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/jisp.2007100101","volume":"1","author":"A Herzog","year":"2007","unstructured":"Herzog, A., Shahmehri, N., Duma, C.: An ontology of information security. Int. J. Inf. Secur. Priv. 1, 1\u201323 (2007)","journal-title":"Int. J. Inf. Secur. Priv."},{"key":"17_CR9","first-page":"165","volume":"679","author":"J Biolchini","year":"2005","unstructured":"Biolchini, J., Mian, P.G., Candida, A., Natali, C.: Systematic review in software engineering. Engineering 679, 165\u2013176 (2005)","journal-title":"Engineering"},{"key":"17_CR10","first-page":"28","volume":"33","author":"B Kitchenham","year":"2004","unstructured":"Kitchenham, B.: Procedures for performing systematic reviews. Keele Univ. 33, 28 (2004). Keele, UK","journal-title":"Keele Univ."},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Koinig, U., Tjoa, S., Ryoo, J.: Contrology - an ontology-based cloud assurance approach. In: 2015 IEEE 24th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 105\u2013107 (2015)","DOI":"10.1109\/WETICE.2015.43"},{"key":"17_CR12","unstructured":"de Souza, E.F.: Knowledge Management Applied to Software Testing: An Ontology Based, (2014)"},{"key":"17_CR13","doi-asserted-by":"crossref","unstructured":"Kang, W., Liang, Y.: A security ontology with MDA for software development. In: Proceedings of the 2013 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery, CyberC 2013, pp. 67\u201374 (2013)","DOI":"10.1109\/CyberC.2013.20"},{"key":"17_CR14","unstructured":"da Cunha Freitas, A.L.S.: Ontologia para teste de desempenho de software (2013). https:\/\/performance-ontology.googlecode.com\/files\/Dissertacao_ArturFreitas.pdf"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Salini, P., Kanmani, S.: Ontology-based representation of reusable security requirements for developing secure web applications. Presented at the (2013)","DOI":"10.1504\/IJITST.2013.058295"},{"key":"17_CR16","first-page":"13","volume":"2","author":"J Panchal","year":"2013","unstructured":"Panchal, J., Chirchi, V.R.: Privacy preservation requirement for personal health record: a survey on security prototypes. Int. J. Adv. Comput. Eng. Appl. 2, 13\u201318 (2013)","journal-title":"Int. J. Adv. Comput. Eng. Appl."},{"key":"17_CR17","doi-asserted-by":"crossref","first-page":"878","DOI":"10.15837\/ijccc.2013.6.764","volume":"8","author":"S Ramanauskaite","year":"2013","unstructured":"Ramanauskaite, S., Olifer, D., Goranin, N., \u010cenys, A.: Security ontology for adaptive mapping of security standards. Int. J. Comput. Commun. Control 8, 878\u2013890 (2013)","journal-title":"Int. J. Comput. Commun. Control"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Kotenko, I., Polubelova, O., Saenko, I., Doynikova, E.: The ontology of metrics for security evaluation and decision support in SIEM systems. In: Proceedings of the 2013 International Conference on Availability, Reliability and Security, ARES 2013, pp. 638\u2013645 (2013)","DOI":"10.1109\/ARES.2013.84"},{"key":"17_CR19","doi-asserted-by":"crossref","unstructured":"Gyrard, A., Bonnet, C., Boudaoud, K., Gyrard, A., Bonnet, C., Boudaoud, K., Stac, T., Toolbox, S., Gyrard, A., Bonnet, C.: The STAC (Security Toolbox : Attacks & Countermeasures) ontology (2014)","DOI":"10.1145\/2487788.2487869"},{"key":"17_CR20","unstructured":"Bhaumik, A.: An approach in defining information assurance patterns based on security ontology and meta-modeling (2012)"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"D\u2019Agostini, S., Di Giacomo, V., Pandolfo, C., Presenza, D.: An ontology for run-time verification of security certificates for SOA. In: Proceedings of the 2012 7th International Conference on Availability, Reliability and Security, ARES 2012, pp. 525\u2013533 (2012)","DOI":"10.1109\/ARES.2012.49"},{"key":"17_CR22","doi-asserted-by":"crossref","unstructured":"Feledi, D., Fenz, S.: Challenges of web-based information security knowledge sharing. In: 2012 Seventh International Conference on Availability, Reliability and Security, pp. 514\u2013521 (2012)","DOI":"10.1109\/ARES.2012.59"},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"Birkholz, H., Sieverdingbeck, I., Sohr, K., Bormann, C.: IO: an interconnected asset ontology in support of risk management processes. In: Proceedings of the 2012 7th International Conference on Availability, Reliability and Security, ARES 2012, pp. 534\u2013541 (2012)","DOI":"10.1109\/ARES.2012.73"},{"key":"17_CR24","doi-asserted-by":"crossref","unstructured":"Di\u00e9guez, M., Sep\u00falveda, S., Cares, C.: On optimizing the path to information security compliance. In: Proceedings of the 2012 8th International Conference on Information and Communication Technology, QUATIC 2012, pp. 182\u2013185 (2012)","DOI":"10.1109\/QUATIC.2012.44"},{"key":"17_CR25","first-page":"63","volume":"12","author":"AM Talib","year":"2012","unstructured":"Talib, A.M., Atan, R., Abdullah, R., Azrafi, M., Murad, A.: Security ontology driven multi agent system architecture for cloud data storage security: ontology development. Int. J. Comput. Sci. Netw. Secur. 12, 63\u201372 (2012)","journal-title":"Int. J. Comput. Sci. Netw. Secur."},{"key":"17_CR26","unstructured":"Nabil, S., Mohamed, B.: Security ontology for semantic SCADA. In: CEUR Workshop Proceedings, vol. 867, pp. 179\u2013192 (2012)"},{"key":"17_CR27","doi-asserted-by":"crossref","unstructured":"Lotz, V., Kaluvuri, S.P., Di Cerbo, F., Sabetta, A.: Towards security certification schemas for the internet of services. In: 2012 5th International Conference on New Technologies, Mobility and Security \u2013 Proceedings of NTMS 2012 Conference and Workshops (2012)","DOI":"10.1109\/NTMS.2012.6208771"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Massacci, F., Mylopoulos, J., Paci, F., Yu, Y., Tun, T.T.: An Extended Ontology for Security Requirements. Presented at the (2011)","DOI":"10.1007\/978-3-642-22056-2_64"},{"key":"17_CR29","doi-asserted-by":"crossref","first-page":"8085","DOI":"10.3390\/s110808085","volume":"11","author":"A Bialas","year":"2011","unstructured":"Bialas, A.: Common criteria related security design patterns for intelligent sensors-knowledge engineering-based implementation. Sensors 11, 8085\u20138114 (2011)","journal-title":"Sensors"},{"key":"17_CR30","unstructured":"Janpitak, N., Sathitwiriyawong, C.: Data Center Physical Security Ontology for Automated Evaluation (2011). Weblidi.Info.Unlp.Edu.Ar"},{"key":"17_CR31","unstructured":"Nascimento, C., Ferraz, F., Assad, R.: OntoLog: using web semantic and ontology for security log analysis. In: Proceedings of the Sixth International Conference on Software Engineering Advances, ICSEA 2011, pp. 177\u2013182 (2011)"},{"key":"17_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"605","DOI":"10.1007\/978-3-642-25106-1_13","volume-title":"On the Move to Meaningful Internet Systems: OTM 2011","author":"I Ciuciu","year":"2011","unstructured":"Ciuciu, I., Claerhout, B., Schilders, L., Meersman, R.: Ontology-based matching of security attributes for personal data access in e-Health. In: Meersman, R., et al. (eds.) OTM 2011. LNCS, vol. 7045, pp. 605\u2013616. Springer, Heidelberg (2011). doi: 10.1007\/978-3-642-25106-1_13"},{"key":"17_CR33","doi-asserted-by":"crossref","unstructured":"Evesti, A., Savola, R., Ovaska, E., Kuusijarvi, J.: The design, instantiation, and usage of information security measuring ontology. In: Proceedings of the 4th IEEE International Conference on Self-Adaptive and Self-Organizing Systems, pp. 204\u2013212 (2011)","DOI":"10.1109\/SASO.2010.11"},{"key":"17_CR34","unstructured":"Da Silva, P.F., Otte, H., Todesco, J.L., Gauthier, F.A.O.: Uma ontologia para gest\u00e3o de seguran\u00e7a da informa\u00e7 \u00e3o. In: CEUR Workshop Proceedings, vol. 776, pp. 141\u2013146 (2011)"},{"key":"17_CR35","unstructured":"Basile, C., Silvestro, J., Lioy, A., Canavese, D.: Security Ontology Definition (2011)"},{"key":"17_CR36","doi-asserted-by":"crossref","unstructured":"Blackwell, C.: A security ontology for incident analysis. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW 2010, p. 1 (2010)","DOI":"10.1145\/1852666.1852717"},{"key":"17_CR37","first-page":"61","volume":"42","author":"A Vorobiev","year":"2010","unstructured":"Vorobiev, A., Bekmamedova, N.: An ontology-driven approach applied to information security. J. Res. Pract. Inf. Technol. 42, 61\u201376 (2010)","journal-title":"J. Res. Pract. Inf. Technol."},{"key":"17_CR38","doi-asserted-by":"crossref","unstructured":"Takahashi, T., Kadobayashi, Y., Fujiwara, H.: Ontological approach toward cybersecurity in cloud computing. In: Proceedings of the 3rd International Conference on Security of Information and Networks - SIN 2010, p. 100 (2010)","DOI":"10.1145\/1854099.1854121"},{"key":"17_CR39","doi-asserted-by":"crossref","unstructured":"Singhal, A., Wijesekera, D.: Ontologies for modeling enterprise level security metrics. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW 2010, p. 1 (2010)","DOI":"10.1145\/1852666.1852731"},{"key":"17_CR40","first-page":"155","volume":"20","author":"MB Almeida","year":"2010","unstructured":"Almeida, M.B., Souza, R.R., Coelho, K.C.: Uma Proposta de Ontologia para o Dom\u00ednio Seguran\u00e7a da Informa\u00e7\u00e3o em Organiza\u00e7\u00f5es: descri\u00e7\u00e3o do est\u00e1gio terminol\u00f3gico. Inf. Soc. Est. 20, 155\u2013168 (2010)","journal-title":"Inf. Soc. Est."},{"key":"17_CR41","doi-asserted-by":"crossref","unstructured":"Fenz, S., Ekelhart, A.: Formalizing information security knowledge. In: 4th International Symposium on Information, Computer, and Communication Security, p. 183 (2009)","DOI":"10.1145\/1533057.1533084"},{"key":"17_CR42","doi-asserted-by":"crossref","unstructured":"Bialas, A.: Ontology-based security problem definition and solution for the common criteria compliant development process. In: Proceedings of the 2009 4th International Conference on Dependability of Computer Systems, DepCos-RELCOMEX 2009, pp. 3\u201310 (2009)","DOI":"10.1109\/DepCoS-RELCOMEX.2009.15"},{"key":"17_CR43","unstructured":"Bezerra, D., Costa, A., Okada, K.: SwTOI (Software Test Ontology Integrated) and its application in Linux test. In: CEUR Workshop Proceedings, vol. 460, pp. 25\u201336 (2009)"},{"key":"17_CR44","doi-asserted-by":"crossref","unstructured":"de Azevedo, R.R., de Almeida, S.C., Brasil, P.A., Almeida, M.J.S.C., Filho, E.C.D.B.C.: CoreSec : an ontology of security aplied to the business process of management (2008)","DOI":"10.1145\/1621087.1621100"},{"key":"17_CR45","doi-asserted-by":"crossref","unstructured":"de Azevedo, R.R.: CoreSec : Uma Ontologia para o Dom\u00ednio de Seguran\u00e7a da Informa\u00e7\u00e3o (2008)","DOI":"10.5753\/sbseg_estendido.2008.20911"},{"key":"17_CR46","unstructured":"Barbosa, E.F., Nakagawa, E.Y., Maldonado, J.C.: Towards the establishment of an ontology of software testing. In: Seke (2006)"},{"key":"17_CR47","doi-asserted-by":"crossref","unstructured":"Raskjn, V., Hempelmann, C.F., Nirenburg, S., Lafayette, W.: Ontology in information security : a useful theoretical foundation and methodological tool. In: Workshop on New Security Paradigms, pp. 53\u201359 (2002)","DOI":"10.1145\/508171.508180"},{"key":"17_CR48","doi-asserted-by":"crossref","unstructured":"Souag, A., Salinesi, C., Mazo, R., Comyn-Wattiau, I.: A Security Ontology for Security Requirements Elicitation. Presented at the (2015)","DOI":"10.1007\/978-3-319-15618-7_13"},{"key":"17_CR49","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/978-3-642-33332-3_20","volume-title":"ICT Critical Infrastructures and Society","author":"M Grobler","year":"2012","unstructured":"Grobler, M., Vuuren, J.J., Leenen, L.: Implementation of a cyber security policy in South Africa: reflection on progress and the way forward. In: Hercheui, M.D., Whitehouse, D., McIver, W., Phahlamohlaka, J. (eds.) HCC 2012. IAICT, vol. 386, pp. 215\u2013225. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-33332-3_20"},{"key":"17_CR50","doi-asserted-by":"crossref","unstructured":"Zhu, H., Huo, Q.: Developing a software testing ontology in UML for a software growth environment of web-based applications. In: Software Evolution with UML, pp. 1\u201334 (2005)","DOI":"10.4018\/978-1-59140-462-0.ch009"},{"key":"17_CR51","unstructured":"Jutla, D., Xu, L.: Privacy agents and ontology for the semantic web. In: Americas Conference on Information Systems, pp. 1760\u20131767 (2004)"},{"key":"17_CR52","doi-asserted-by":"crossref","unstructured":"Khairkar, A.D., Kshirsagar, D.D., Kumar, S.: Ontology for detection of web attacks. In: Proceedings of the 2013 International Conference on Communication Systems and Network Technologies, CSNT 2013, pp. 612\u2013615 (2013)","DOI":"10.1109\/CSNT.2013.131"},{"key":"17_CR53","first-page":"79","volume":"13","author":"F-H Liu","year":"2010","unstructured":"Liu, F.-H., Lee, W.-T.: Constructing Enterprise Information Network Security Risk Management Mechanism by Ontology. J. Appl. Sci. Eng. 13, 79\u201387 (2010)","journal-title":"J. Appl. Sci. Eng."},{"key":"17_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/11537878_18","volume-title":"Trust, Privacy, and Security in Digital Business","author":"L Viljanen","year":"2005","unstructured":"Viljanen, L.: Towards an ontology of trust. In: Katsikas, S., L\u00f3pez, J., Pernul, G. (eds.) TrustBus 2005. LNCS, vol. 3592, pp. 175\u2013184. Springer, Heidelberg (2005). doi: 10.1007\/11537878_18"},{"key":"17_CR55","unstructured":"British Standards Institution (BSI): BSI Standard 100-2 IT-Grundschutz Methodology Version 2.0 (2008)"},{"key":"17_CR56","unstructured":"Bowen, P., Hash, J., Wilson, M.: NIST - Information Security Handbook: A Guide for Managers (2006). http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-100\/SP800-100-Mar07-2007.pdf"},{"key":"17_CR57","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/978-3-642-01190-0_5","volume-title":"Business Information Systems","author":"S Fenz","year":"2009","unstructured":"Fenz, S., Pruckner, T., Manutscheri, A.: Ontological mapping of information security best-practice guidelines. In: Abramowicz, W. (ed.) BIS 2009. LNBIP, vol. 21, pp. 49\u201360. Springer, Heidelberg (2009). doi: 10.1007\/978-3-642-01190-0_5"},{"key":"17_CR58","unstructured":"ISO\/IEC: ISO\/IEC 27001:2013 Information technology \u2013 Security techniques \u2013 Information security management systems \u2013 Requirements (2013)"},{"key":"17_CR59","unstructured":"PCI Security Standards Council: Payment Card Industry Data Security Standard (PCI DSS). https:\/\/www.pcisecuritystandards.org\/"},{"key":"17_CR60","unstructured":"ISSA-UK: ISSA 5173 \u2013 The Security Standard for SMES. https:\/\/www.2-sec.com\/2011\/03\/22\/issa-5173-the-security-standard-for-smes\/"},{"key":"17_CR61","unstructured":"NIST - US National Institute of Standards and Technology: NISTIR 7621 - Small Business Information Security: The Fundamentals. http:\/\/www.nist.gov"},{"key":"17_CR62","unstructured":"U.S. Department of Health & Human Services: Health Insurance Portability and Accountability Act (HIPAA). http:\/\/www.hhs.gov\/ocr\/privacy\/"},{"key":"17_CR63","unstructured":"Addison-Hewitt Associates: A Guide to the Sarbanes-Oxley Act (SOX). http:\/\/www.soxlaw.com\/"},{"key":"17_CR64","doi-asserted-by":"crossref","first-page":"372","DOI":"10.1016\/j.csi.2010.12.002","volume":"33","author":"C Blanco","year":"2011","unstructured":"Blanco, C., Lasheras, J., Fern\u00e1ndez-Medina, E., Valencia-Garc\u00eda, R., Toval, A.: Basis for an integrated security ontology according to a systematic review of existing proposals. Comput. Stand. Interfaces. 33, 372\u2013388 (2011)","journal-title":"Comput. Stand. Interfaces."},{"key":"17_CR65","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/978-3-642-31069-0_5","volume-title":"Advanced Information Systems Engineering Workshops","author":"A Souag","year":"2012","unstructured":"Souag, A., Salinesi, C., Comyn-Wattiau, I.: Ontologies for security requirements: a literature survey and classification. In: Bajec, M., Eder, J. (eds.) CAiSE 2012. LNBIP, vol. 112, pp. 61\u201369. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-31069-0_5"},{"key":"17_CR66","doi-asserted-by":"crossref","first-page":"110","DOI":"10.1145\/1039539.1039573","volume":"48","author":"SJ Barnes","year":"2005","unstructured":"Barnes, S.J.: Assessing the value of IS journals. Commun. ACM 48, 110\u2013112 (2005)","journal-title":"Commun. ACM"},{"key":"17_CR67","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1145\/1042091.1042096","volume":"48","author":"RK Rainer","year":"2005","unstructured":"Rainer, R.K., Miller, M.D.: Examining differences across journal rankings. Commun. ACM 48, 91\u201394 (2005)","journal-title":"Commun. ACM"}],"container-title":["Advances in Intelligent Systems and Computing","Recent Advances in Information Systems and Technologies"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-56535-4_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:05:48Z","timestamp":1750183548000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-56535-4_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319565347","9783319565354"],"references-count":67,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-56535-4_17","relation":{},"ISSN":["2194-5357","2194-5365"],"issn-type":[{"value":"2194-5357","type":"print"},{"value":"2194-5365","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}