{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T21:40:40Z","timestamp":1651873240664},"reference-count":63,"publisher":"IGI Global","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,1,1]]},"abstract":"<p>This research work presents existing security ontologies and identifies relevant security ontology requirements in information systems. Moreover, it proposes a new classification of security ontologies in which two main families are defined: ontology-based security standards and ontology-based security risk assessment. For each family, a set of related research works is selected and a thorough description of their security ontologies is presented. The purpose of this analysis is to identify security ontology requirements as well as ontological characteristics for each study, in order to help a security decision maker select an ontology based on their security risks and requirements as well as the security models and standards they need. 
By selecting the appropriate ontology, security stakeholders support security compliance and risk assessment in an enterprise.<\/p>","DOI":"10.4018\/ijsssp.2020010101","type":"journal-article","created":{"date-parts":[[2020,2,21]],"date-time":"2020-02-21T15:47:02Z","timestamp":1582300022000},"page":"1-16","source":"Crossref","is-referenced-by-count":0,"title":["Analysing Information Security Risk Ontologies"],"prefix":"10.4018","volume":"11","author":[{"given":"Ines","family":"Meriah","sequence":"first","affiliation":[{"name":"Universit\u00e9 de Tunis, Institut Sup\u00e9rieur de Gestion, SMART Lab, Le Bardo, Tunisia"}]},{"given":"Latifa Ben Arfa","family":"Rabai","sequence":"additional","affiliation":[{"name":"SMART Lab, Universit\u00e9 de Tunis, Institut Sup\u00e9rieur de Gestion, Tunis, Tunisie & College of Business, University of Buraimi, Al Buraimi, Oman"}]}],"member":"2432","reference":[{"key":"IJSSSP.2020010101-0","doi-asserted-by":"publisher","DOI":"10.1109\/CICYBS.2009.4925092"},{"key":"IJSSSP.2020010101-1","author":"V.Agrawal","year":"2016","journal-title":"Towards the Ontology of ISO\/IEC 27005: 2011 Risk Management Standard"},{"key":"IJSSSP.2020010101-2","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2007.152"},{"key":"IJSSSP.2020010101-3","unstructured":"Al-Hassan, M. N. M. (2014). A Semantic Ontology based Concept for Measuring Security Compliance of Cloud Service Providers."},{"key":"IJSSSP.2020010101-4","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2004.2"},{"key":"IJSSSP.2020010101-5","unstructured":"Bermejo, J. (2007). A simplified guide to create an ontology. Madrid University."},{"key":"IJSSSP.2020010101-6","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2010.12.002"},{"key":"IJSSSP.2020010101-7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-68947-8_15"},{"key":"IJSSSP.2020010101-8","unstructured":"BSI. 
(2004) IT-Grundschutz-Manual."},{"key":"IJSSSP.2020010101-9","unstructured":"Cachin, C., Camenisch, J., Deswarte, Y., Dobson, J., Horne, D., Kursawe, K., ... & Muller, J. (2000). MAFTIA: Reference model and use cases."},{"key":"IJSSSP.2020010101-10","doi-asserted-by":"publisher","DOI":"10.1007\/BF00988593"},{"key":"IJSSSP.2020010101-11","doi-asserted-by":"publisher","DOI":"10.1145\/1980822.1980834"},{"key":"IJSSSP.2020010101-12","unstructured":"DCSSI. (2004). EBIOS - Section 2 - Approach. (2004)."},{"key":"IJSSSP.2020010101-13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-77028-4_12"},{"key":"IJSSSP.2020010101-14","doi-asserted-by":"crossref","unstructured":"Ekelhart, A., Fenz, S., Klemen, M., & Weippl, E. (2007, January). Security ontologies: Improving quantitative risk analysis. In Proceedings of the 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07). IEEE.","DOI":"10.1109\/HICSS.2007.478"},{"key":"IJSSSP.2020010101-15","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774478"},{"key":"IJSSSP.2020010101-16","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533084"},{"key":"IJSSSP.2020010101-17","doi-asserted-by":"publisher","DOI":"10.1109\/PRDC.2007.29"},{"key":"IJSSSP.2020010101-18","doi-asserted-by":"publisher","DOI":"10.1145\/1558607.1558686"},{"key":"IJSSSP.2020010101-19","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-02-2018-0020"},{"key":"IJSSSP.2020010101-20","doi-asserted-by":"publisher","DOI":"10.1108\/ICS-07-2015-0030"},{"key":"IJSSSP.2020010101-21","unstructured":"Fenz, S., & Tjoa, A. M. (2008). Ontology-and Bayesian-based threat probability determination."},{"key":"IJSSSP.2020010101-22","unstructured":"Fern\u00e1ndez-L\u00f3pez, M., G\u00f3mez-P\u00e9rez, A., & Juristo, N. (1997). 
Methontology: from ontological art towards ontological engineering."},{"key":"IJSSSP.2020010101-23","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2011-0421"},{"key":"IJSSSP.2020010101-24","doi-asserted-by":"publisher","DOI":"10.1007\/s12204-013-1439-5"},{"key":"IJSSSP.2020010101-25","unstructured":"Gartner. (2018). Gartner Forecasts World Wide Information Security Spending to Exceed $124 Billion in 2019."},{"key":"IJSSSP.2020010101-26","doi-asserted-by":"crossref","unstructured":"Garzia, F., & Lombardi, M. (2018). The role of BIM for safety and security management. Building Information Systems in the Construction Industry, 51.","DOI":"10.2495\/SDP-V13-N1-49-61"},{"key":"IJSSSP.2020010101-27","doi-asserted-by":"publisher","DOI":"10.1006\/ijhc.1995.1081"},{"key":"IJSSSP.2020010101-28","article-title":"Formal ontology in information systems","author":"N.Guarino","year":"1998","journal-title":"Proceedings of the first international conference (FOIS\u201998)"},{"key":"IJSSSP.2020010101-29","doi-asserted-by":"publisher","DOI":"10.4018\/jisp.2007100101"},{"key":"IJSSSP.2020010101-30","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-130475"},{"key":"IJSSSP.2020010101-31","doi-asserted-by":"crossref","unstructured":"Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information security technical report, 13(4), 247-255.","DOI":"10.1016\/j.istr.2008.10.010"},{"key":"IJSSSP.2020010101-32","unstructured":"ISO\/IEC 27001. (2005). Information Technology, Security Techniques, Information Security Management Systems, Requirements. ISO copyright office. Retrieved from http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=42103"},{"key":"IJSSSP.2020010101-33","unstructured":"ISO\/IEC 27002. (2013). Information technology \u2013 security techniques \u2013 code of practice for information security controls. ISO copyright office."},{"key":"IJSSSP.2020010101-34","unstructured":"ISO\/IEC 27005. (2018). 
Information Technology \u2013 Security Techniques \u2013 Information Security Risk Management. ISO copyright office."},{"key":"IJSSSP.2020010101-35","unstructured":"ISO\/IEC_JTC1. (2005). ISO\/IEC FDIS 27001 Information Technology - Security Techniques - Information Security Management Systems - Requirements. ISO copyright office."},{"key":"IJSSSP.2020010101-36","first-page":"361","article-title":"Software Requirements for an Ultra Large Scale System to Compute Multi Dimension Mean Failure Cost.","author":"M.Jouini","year":"2018","journal-title":"Proceedings of the International Conference on Parallel and Distributed Computing: Applications and Technologies"},{"key":"IJSSSP.2020010101-37","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.07.004"},{"key":"IJSSSP.2020010101-38","unstructured":"Kessel, P. (2019). EY Global Information Security Survey 2018\u201319."},{"key":"IJSSSP.2020010101-39","unstructured":"Lin, D. (1998). An information-theoretic definition of similarity. Icml, 98, 296-304."},{"key":"IJSSSP.2020010101-40","doi-asserted-by":"publisher","DOI":"10.1145\/3292448.3292456"},{"key":"IJSSSP.2020010101-41","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2019.09.447"},{"key":"IJSSSP.2020010101-42","doi-asserted-by":"crossref","unstructured":"Milicevic, D., & Goeken, M. (2010). Ontology-based evaluation of ISO 27001. In Proceedings of the Conference on e-Business, e-Services and e-Society (pp. 93-102). Springer.","DOI":"10.1007\/978-3-642-16283-1_13"},{"key":"IJSSSP.2020010101-43","unstructured":"Myagmar, S., Lee, A. J., & Yurcik, W. (2005). Threat modeling as a basis for security requirements. In Symposium on requirements engineering for information security (SREIS) (pp. 1-8). Academic Press."},{"key":"IJSSSP.2020010101-44","unstructured":"NIST. (1995). An Introduction to Computer Security - The NIST Handbook. Academic Press."},{"key":"IJSSSP.2020010101-45","unstructured":"Noy, N. F., & McGuinness, D. L. (2001). 
Ontology development 101: A guide to creating your first ontology."},{"key":"IJSSSP.2020010101-46","doi-asserted-by":"publisher","DOI":"10.1145\/1626195.1626209"},{"key":"IJSSSP.2020010101-47","unstructured":"Pereira, T., & Santos, H. (2012). An Ontological Approach to Information Security Management. In Proceedings of the 7th International Conference on Information Warfare and Security (pp. 368-375). Academic Press."},{"key":"IJSSSP.2020010101-48","doi-asserted-by":"publisher","DOI":"10.15837\/ijccc.2013.6.764"},{"key":"IJSSSP.2020010101-49","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.11.001"},{"issue":"6","key":"IJSSSP.2020010101-50","first-page":"150","article-title":"Revisiting security ontologies.","volume":"11","author":"V.Singh","year":"2014","journal-title":"International Journal of Computer Science Issues"},{"key":"IJSSSP.2020010101-51","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-03359-0_4"},{"key":"IJSSSP.2020010101-52","doi-asserted-by":"publisher","DOI":"10.1145\/1852666.1852731"},{"key":"IJSSSP.2020010101-53","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.08.004"},{"key":"IJSSSP.2020010101-54","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-15618-7_13"},{"key":"IJSSSP.2020010101-55","doi-asserted-by":"crossref","unstructured":"Stoneburner, G., Goguen, A. Y., & Feringa, A. (2002). Sp 800-30. 
risk management guide for information technology systems.","DOI":"10.6028\/NIST.SP.800-30"},{"key":"IJSSSP.2020010101-56","doi-asserted-by":"publisher","DOI":"10.2307\/249551"},{"key":"IJSSSP.2020010101-57","doi-asserted-by":"publisher","DOI":"10.1109\/DRCN.2009.5340029"},{"key":"IJSSSP.2020010101-58","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2006.329"},{"key":"IJSSSP.2020010101-59","doi-asserted-by":"publisher","DOI":"10.1017\/S0269888900007797"},{"key":"IJSSSP.2020010101-60","doi-asserted-by":"publisher","DOI":"10.1080\/01966324.1982.10737086"},{"key":"IJSSSP.2020010101-61","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2017.02.001"},{"key":"IJSSSP.2020010101-62","doi-asserted-by":"publisher","DOI":"10.1109\/21.259681"}],"container-title":["International Journal of Systems and Software Security and Protection"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=249762","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T21:16:48Z","timestamp":1651871808000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJSSSP.2020010101"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2020,1,1]]},"references-count":63,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,1]]}},"URL":"https:\/\/doi.org\/10.4018\/ijsssp.2020010101","relation":{},"ISSN":["2640-4265","2640-4273"],"issn-type":[{"value":"2640-4265","type":"print"},{"value":"2640-4273","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,1,1]]}}}