Ontological structure application for analysis and development of CISS
DOI:
https://doi.org/10.18372/2410-7840.19.11681Keywords:
ontological structure, risk assessment, information leakage scenarios, information security culture, ontograph, information threat, information security culture levelAbstract
The article proposes ontological structure variant for analysis of CISS, which focuses on the most common information security leaks scenarios and information security culture. The analysis of CISS is based on many factors (attack scenarios on the system, etc.), many of which also depend not only on hardware elements. Common errors and misunderstanding of the security incidents definition and how to react also play an important role. So, for basic security system assessment evaluation, structure, that has determined factors and scenarios of CISS analysis for further use will greatly simplify understanding and automating processes of these evaluations. Proposed ontological structure can be used to determine average risk of information leakage scenarios and to determine information security culture level to specify overall formal security assessment of organization and, as such, to automate the process of determining this assessment.
References
T. Gruber, "A translation approach to portable ontologies", Knowledge Acquisition, №5(2), С. 199-220, 1993.
А. Никоненко, "Обзор баз знаний онтологического типа", Штучний інтелект, № 4, С. 208-219, 2009.
А. Палагин, Н. Петренко, К. Малахов, "Методика проектирования онтологии предметной области", УСиМ, c. 14, 2009.
О. Архипов, "Щодо методики iдентифiкацiї та оцінювання активiв системи iнформацiйних технологiй", Захист iнформацiї, №1(50), С. 42–47, 2011.
Data Breach Investigation Report, Verizon Enterprise Solutions, [Електронний ресурс]. Режим доступу: http://www.verizonenterprise.com/resources/reports/ rp_DBIR_2016_Report_en_xg.pdf [Дата доступу: травень 2017].
Data Breach Investigation Report, Verizon Enterprise Solutions, [Електронний ресурс]. Режим до-ступу: https://iapp.org/media/pdf/resource_center/Verizon_data-breach-investigation-report-2015.pdf [Дата доступу: травень 2017].
Data Breach Investigation Report, Verizon Enterprise Solutions, [Електронний ресурс]. Режим до-ступу: http://www.verizonenterprise.com/resources/ reports/rp_Verizon-DBIR-2014_en_xg.pdf [Дата дос-тупу: травень 2017].
А. Потий, Д. Пилипенко, И. Ребрий, "Пред-посылки к формированию культуры информа-ционной безопасности и метод комплексного оценивания ее уровня", Радіоелектронні і комп’ютерні системи, №5(57), С. 72-77, 2012.
Д. Майерс, Социальная психология. СПб.: Питер, 2002.
J. VanNiekerk, "Fostering Information Security Culture through Integrating Theoryand Technology", PhD thesis, Nelson Mandela Metropolitan University, 2010.
Downloads
Published
How to Cite
Issue
Section
License
The scientific journal adheres to the principles of Open Access and provides free, immediate, and permanent access to all published materials without financial, technical, or legal barriers for readers.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal:
-
retain the copyright to their publications;
-
grant the journal the right of first publication of the article;
-
agree to the distribution of their materials under the CC BY 4.0 license;
-
have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.
