Pragmatic Ontology for Information Security Management

Apr 29, 2021

Collective construction of a pragmatic information security ontology.

Goals

Minimal (Only necessary concepts)
Manager-oriented (gaps-aware)
Customizable by local individuals (Fosterable)
Referencing basics concepts (Understable)
Open (Free access)
Shared (Commentable and revisable)

Please reference as:

Cares, C; Diéguez, M; López-Fenner, J. PrISMO: A Pragmatic Information Security 
Management Ontology
In Serene-risc Annual Workshop 2021, Cánada, 21-22 May 2021.

<?xml version="1.0"?> <rdf:RDF xmlns:owl ="http://www.w3.org/2002/07/owl#" xmlns:rdf ="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:xsd ="http://www.w3.org/2001/XMLSchema#" >  <owl:Ontology rdf:about=""> <rdfs:comment>An example OWL ontology</rdfs:comment>  <rdfs:label>University Ontology</rdfs:label> </owl:Ontology> <owl:Class rdf:ID="Information-Security-Standard"/> <owl:Class rdf:ID="Asset"/> <owl:Class rdf:ID="Information-Asset"> <rdfs:subClassOf rdf:resource="#Asset" /> </owl:Class> <owl:Class rdf:ID="Agent"/> <owl:Class rdf:ID="Organizational-Unit"> <rdfs:subClassOf rdf:resource="#Agent" /> </owl:Class>  <owl:Class rdf:ID="Attacker"> <rdfs:subClassOf rdf:resource="#Agent" /> </owl:Class>  <owl:Class rdf:ID="Risky-Agent"> <rdfs:subClassOf rdf:resource="#Agent" /> </owl:Class> <owl:Class rdf:ID="Risk"/> <owl:Class rdf:ID="Information-Asset-Risk"> <rdfs:subClassOf rdf:resource="#Risk" /> </owl:Class> <owl:Class rdf:ID="Safeguard"/> <owl:Class rdf:ID="Control"> <rdfs:subClassOf rdf:resource="#Safeguard" /> </owl:Class>  <owl:Class rdf:ID="Non-functional-Requirement"/> <owl:Class rdf:ID="Security-Requirement"> <rdfs:subClassOf rdf:resource="#Non-functional-Requirement"/> </owl:Class>  <owl:Class rdf:ID="Confindentiality"> <rdfs:subClassOf rdf:resource="#Security-Requirement"/> </owl:Class> <owl:Class rdf:ID="Availability"> <rdfs:subClassOf rdf:resource="#Security-Requirement"/> </owl:Class> <owl:Class rdf:ID="Integrity"> <rdfs:subClassOf rdf:resource="#Security-Requirement"/> </owl:Class> <owl:Class rdf:ID="Information-Security-Objective"/> <owl:Class rdf:ID="Information-Security-Domain" /> <owl:Class rdf:ID="Threat"/> <owl:Class rdf:ID="Vulnerability"/>  <owl:ObjectProperty rdf:ID="hasSubcontrol"> <rdfs:domain rdf:resource="#Control"/> <rdfs:range rdf:resource="#Control"/> </owl:ObjectProperty>   <owl:ObjectProperty rdf:ID="parentControl"> <owl:inverseOf rdf:resource="#hasSubcontrol" /> <rdfs:domain rdf:resource="#Control"/> <rdfs:range rdf:resource="#Control"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="itsControls"> <rdfs:domain rdf:resource="#Information-Security-Domain"/> <rdfs:range rdf:resource="#Control"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="requires"> <rdfs:domain rdf:resource="#Information-Asset"/> <rdfs:range rdf:resource="#Security-Requirement"/> </owl:ObjectProperty>   <owl:Class rdf:about="#Information-Security-Domain" > <rdfs:subClassOf> <owl:Restriction> <owl:onProperty rdf:resource="#itsControls"/> <owl:minCardinality rdf:datatype="xsd:NonNegativeInteger">2</owl:minCardinality> </owl:Restriction> </rdfs:subClassOf> </owl:Class> <owl:Class rdf:about="#Information-Asset" > <rdfs:subClassOf> <owl:Restriction> <owl:onProperty rdf:resource="#requires"/> <owl:minCardinality rdf:datatype="xsd:NonNegativeInteger">1</owl:minCardinality> </owl:Restriction> </rdfs:subClassOf> </owl:Class>  <owl:ObjectProperty rdf:ID="itsMainControl"> <rdfs:domain rdf:resource="#Information-Security-Standard"/> <rdfs:range rdf:resource="#Control"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="mitigates"> <rdfs:domain rdf:resource="#Control"/> <rdfs:range rdf:resource="#Risk"/> </owl:ObjectProperty>   <owl:ObjectProperty rdf:ID="requires"> <rdfs:domain rdf:resource="#Control"/> <rdfs:range rdf:resource="#Control"/> </owl:ObjectProperty>  <owl:ObjectProperty rdf:ID="enables"> <rdfs:domain rdf:resource="#Risky-Agent"/> <rdfs:range rdf:resource="#Threat"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="causes"> <rdfs:domain rdf:resource="#Information-Asset-Risk"/> <rdfs:range rdf:resource="#Threat"/> </owl:ObjectProperty>  <owl:ObjectProperty rdf:ID="allows"> <rdfs:domain rdf:resource="#Vulnerability"/> <rdfs:range rdf:resource="#Threat"/> </owl:ObjectProperty>  <owl:ObjectProperty rdf:ID="protects"> <rdfs:domain rdf:resource="#Safeguard"/> <rdfs:range rdf:resource="#Information-Asset"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="affects"> <rdfs:domain rdf:resource="#Vulnerability"/> <rdfs:range rdf:resource="#Information-Asset"/> </owl:ObjectProperty>   <owl:Thing rdf:ID="Patients_Names"/> <owl:Thing rdf:ID="Confidential_to_doctors" /> <owl:Thing rdf:about="#Confidential_to_doctors" > <rdf:type rdf:resource="#Confindentiality"/> </owl:Thing> <owl:Thing rdf:about="#Patients_Names" > <rdf:type rdf:resource="#Information-Asset"/> <requires rdf:resource="#Confidential_to_doctors" /> </owl:Thing> <owl:Thing rdf:ID="Providers_Names" /> <owl:Thing rdf:about="#Providers_Names" > <rdf:type rdf:resource="#Information-Asset"/> </owl:Thing> <owl:Thing rdf:ID="Metal_detector_input_barrier" /> <owl:Thing rdf:about="#Metal_detector_input_barrier" > <rdf:type rdf:resource="#Control"/> </owl:Thing> </rdf:RDF>

Buscar

Pragmatic Ontology for Information Security Management

Collective construction of a pragmatic information security ontology.

Añadir nuevo comentario

HTML Restringido

Categorías

Publicaciones Recientes

Tags

Información de Contacto

Enlaces

Ufro