OnToRisk – a Formal Ontology Approach to Automate Cyber Security Risk Identification
International Symposium on Service Oriented Software Engineering(2022)
Abstract
The everchanging cyber risks landscape poses a significant threat to organisations and requires them to continuously manage their risks. Risk identification is the driving force of risk management, and it is typically performed manually, integrating expert knowledge and information from various systems. This hinders the ability to systematically identify new risks as they emerge. This paper introduces a new approach – OnToRisk – to automate aspects of the cyber security risk identification. The approach uses a formal ontology to integrate information from multiple constituent systems and organisational definitions, and then reason about the current organisational situation with respect to formally defined cyber risks. We describe an implementation of the approach to identify cyber vulnerability induced risks, as they become an emergent property of the organisation.
MoreTranslated text
Key words
cyber security,risk identification,formal ontology
AI Read Science
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined