{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T18:55:13Z","timestamp":1770749713577,"version":"3.50.0"},"reference-count":25,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2016,11,14]],"date-time":"2016-11-14T00:00:00Z","timestamp":1479081600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2016,11,14]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and the current businesses face frequent attacks on their infrastructure, enterprises need support at protecting their information-based assets.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>Information security standards and guidelines provide baseline knowledge for protecting corporate assets. 
However, the efforts to check whether the implemented measures of an organization adhere to the proposed standards and guidelines are still significantly high.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization\u2019s assets.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-07-2015-0030","type":"journal-article","created":{"date-parts":[[2016,11,18]],"date-time":"2016-11-18T13:13:52Z","timestamp":1479474832000},"page":"452-473","source":"Crossref","is-referenced-by-count":20,"title":["Mapping information security standard ISO 27002 to an ontological structure"],"prefix":"10.1108","volume":"24","author":[{"given":"Stefan","family":"Fenz","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefanie","family":"Plieschnegger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Heidi","family":"Hobel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121121250083200_ref009","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1109\/TDSC.2004.2","article-title":"Basic concepts and taxonomy of dependable and secure computing","volume":"1","year":"2004","journal-title":"IEEE Transactions on Dependable and Secure 
Computing"},{"key":"key2020121121250083200_ref021","volume-title":"IT-Grundschutz-Manual","author":"BSI","year":"2004"},{"key":"key2020121121250083200_ref020","volume-title":"Expression des Besoins et Identification des Objectifs de S\u00e9curit\u00e9 (EBIOS)","author":"DCSSI","year":"2004"},{"key":"key2020121121250083200_ref011","first-page":"335","article-title":"Security for DAML web services: annotation and matchmaking","year":"2003"},{"key":"key2020121121250083200_ref015","article-title":"Ontological mapping of common criteria\u2019s security assurance requirements","year":"2007"},{"key":"key2020121121250083200_ref022","first-page":"49","article-title":"Ontology-based generation of it-security metrics","year":"2010"},{"key":"key2020121121250083200_ref004","article-title":"Formalizing information security knowledge","year":"2009"},{"key":"key2020121121250083200_ref019","first-page":"381","article-title":"Information security fortification by ontological mapping of the ISO\/IEC 27001 standard","year":"2007"},{"key":"key2020121121250083200_ref005","first-page":"49","article-title":"Ontological mapping of information security best-practice guidelines","year":"2009"},{"key":"key2020121121250083200_ref025","unstructured":"Gruber, T. 
(2008), Ontology (Computer Science) \u2013 definition in Encyclopedia of Database Systems, available at: http:\/\/tomgruber.org\/writing\/ontology-definition-2007.htm"},{"key":"key2020121121250083200_ref014","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4018\/jisp.2007100101","article-title":"An ontology of information security","volume":"1","year":"2007","journal-title":"International Journal of Information Security and Privacy"},{"key":"key2020121121250083200_ref024","volume-title":"Information Technology \u2013 Security Techniques Information Security Management Systems \u2013 Requirements","author":"ISO\/IEC, International Standard ISO\/IEC 27001","year":"2001"},{"key":"key2020121121250083200_ref003","volume-title":"Information Technology \u2013 Security Techniques \u2013 Code of Practice for Information Security Management","author":"ISO\/IEC, International Standard ISO\/IEC 27002","year":"2013"},{"key":"key2020121121250083200_ref013","doi-asserted-by":"publisher","first-page":"1033","DOI":"10.1109\/ARES.2006.28","article-title":"An ontology for secure e-government applications","year":"2006"},{"key":"key2020121121250083200_ref010","first-page":"1483","article-title":"Security ontology for annotating resources","volume":"2","year":"2005","journal-title":"OTM Conferences"},{"key":"key2020121121250083200_ref012","unstructured":"Martimiano, L.A.F. and dos Santos Moreira, E. 
(2005), \u201cAn OWL-based security incident ontology\u201d, available at: protege.stanford.edu\/conference\/2005\/submissions\/posters\/poster-martimiano.pdf"},{"key":"key2020121121250083200_ref023","unstructured":"Prot\u00e9g\u00e9 Project (2013), \u201cProt\u00e9g\u00e9\u201d, available at: http:\/\/protege.stanford.edu\/ (accessed 23 November 2013)."},{"key":"key2020121121250083200_ref007","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1145\/508171.508180","article-title":"Ontology in information security: a useful theoretical foundation and methodological tool","year":"2001"},{"key":"key2020121121250083200_ref008","volume-title":"Security Engineering with Patterns \u2013 Origins, Theoretical Model, and New Applications","year":"2003"},{"issue":"2","key":"key2020121121250083200_ref006","first-page":"251","article-title":"Reusable knowledge in security requirements engineering: a systematic mapping study","volume":"21","year":"2015","journal-title":"Requirements Engineering Journal"},{"key":"key2020121121250083200_ref001","unstructured":"Symantec Corporation, State of Information Global Results (2012), available at: www.symantec.com\/content\/de\/de\/about\/downloads\/press\/pr-sym-2012-state-of-information-report-global.pdf (accessed 23 November 2013)."},{"key":"key2020121121250083200_ref002","unstructured":"Symantec Corporation, Internet Security Threat Report (2013), available at: www.symantec.com\/content\/de\/de\/about\/downloads\/press\/pr-sym-2012-state-of-information-report-global.pdf (accessed 23 November 2013)."},{"key":"key2020121121250083200_ref016","unstructured":"W3C, RDF Resource Description Framework (2004a), available at: www3.org\/RDF\/ (accessed 23 November 2013)."},{"key":"key2020121121250083200_ref017","unstructured":"W3C, OWL web ontology language (2004b), available at: www.w3.org\/TR\/owl-features\/ (accessed 23 November 2013)."},{"key":"key2020121121250083200_ref018","unstructured":"W3C (2007), SPARQL Query Language for RDF, 
available at: www.w3.org\/TR\/rdf-sparql-query\/ (accessed 23 November 2013)."}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-07-2015-0030","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2015-0030\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-07-2015-0030\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:01Z","timestamp":1753406581000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/5\/452-473\/112991"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,11,14]]},"references-count":25,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2016,11,14]]}},"alternative-id":["10.1108\/ICS-07-2015-0030"],"URL":"https:\/\/doi.org\/10.1108\/ics-07-2015-0030","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2016,11,14]]}}}