A Semantic Ontology based Concept for Measuring Security Compliance of Cloud Service Providers
Related papers
Towards an Ontology of Data Breaches Threat for Cloud Computing
IJARCCE, 2016
Cloud computing is Internet-based computing, whereby shared resources, software and information are provided to computers and devices on demand. It also makes security problems more complicated and more important than before. The data breaches threat for Cloud Computing ranks No. 1 and has a high risk level. This research proposed to build an ontology of the data breaches threat for Cloud Computing based on the concepts. This paper also shows how to discover the aspect items which are related to our domain "Data Breaches Threat". We collected huge data and extracted it into "concepts" using the KAON tool.
Security and Compliance Ontology for Cloud Service Agreements
Open J. Cloud Comput., 2017
Cloud computing is a business paradigm where two important roles must be defined: provider and consumer. Providers offer services (e.g. web application, web services, and databases) and consumers pay for using them. The goal of this research is to focus on security and compliance aspects of cloud service. An ontology is introduced, which is the conceptualization of cloud domain, for analyzing different compliance aspects of cloud agreements. The terms, properties and relations are shown in a diagram. The proposed ontology can help service consumers to extract relevant data from service level agreements, to interpret compliance regulations, and to compare different contractual terms. Finally, some recommendations are presented for cloud consumers to adopt services and evaluate security risks.
Development of Ontology Based Framework for Information Security Standards
2013
E-Business Management and associated risk mitigation of organizational resources have become a major challenge for organizations in light of increasingly global and integrated digital economies. Our research focuses on information security in e-Business management. We consider, in particular, the domain of banking. The banking sector, being highly regulated, poses a plethora of challenges in terms of compliance of organizational practices with regulatory standards such as Basel III, CobiT 4.1 and ISO17799. An automated compliance auditing solution to replace the existing manual auditing is highly desirable from management’s standpoint due to considerable savings in cost and time. In this paper, we envisage a new paradigm where an ontology based information model is used in an automated compliance auditing application. It performs compliance checking to verify if actual banking practices are following information security standards and whether discrepancies between security standards and actu...
Security Ontology Structure for Formalization of Security Document Knowledge
Electronics
Cybersecurity solutions are highly based on data analysis. Currently, it is not enough to make an automated decision; it also has to be explainable. The decision-making logic traceability should be provided in addition to justification by referencing different data sources and evidence. However, the existing security ontologies, used for the implementation of expert systems and serving as a knowledge base, lack interconnectivity between different data sources and computer-readable linking to the data source. Therefore, this paper aims to increase the possibilities of ontology-based cyber intelligence solutions, by presenting a security ontology structure for data storage to the ontology from different text-based data sources, supporting the knowledge traceability and relationship estimation between different security documents. The proposed ontology structure is tested by storing data of three text-based data sources, and its application possibilities are provided. The study shows t...
Ontology in information security
Proceedings of the 2001 workshop on New security paradigms - NSPW '01, 2001
The paper introduces and advocates an ontological semantic approach to information security. Both the approach and its resources, the ontology and lexicons, are borrowed from the field of natural language processing and adjusted to the needs of the new domain. The approach pursues the ultimate dual goals of inclusion of natural language data sources as an integral part of the overall data sources in information security applications, and formal specification of the information security community know-how for the support of routine and time-efficient measures to prevent and counteract computer attacks. As the first order of the day, the approach is seen by the information security community as a powerful means to organize and unify the terminology and nomenclature of the field.
Ontology in information security: A useful theoretical foundation and methodological tool
… on New security …, 2001
The paper introduces and advocates an ontological semantic approach to information security. Both the approach and its resources, the ontology and lexicons, are borrowed from the field of natural language processing and adjusted to the needs of the new domain. The approach pursues the ultimate dual goals of inclusion of natural language data sources as an integral part of the overall data sources in information security applications, and formal specification of the information security community know-how for the support of routine and time-efficient measures to prevent and counteract computer attacks. As the first order of the day, the approach is seen by the information security community as a powerful means to organize and unify the terminology and nomenclature of the field.
An ontology based approach to information security
Metadata and Semantic Research, 2009
The semantic structure of knowledge based on ontology approaches has been increasingly adopted by several experts from diverse domains. Recently ontologies have been moved from the philosophical and metaphysics disciplines to be used in the construction of models to describe a specific theory of a domain. The development and the use of ontologies promote the creation of a unique standard to represent concepts within a specific knowledge domain. In the scope of information security systems, the use of an ontology to formalize and represent the concepts of security information challenges the mechanisms and techniques currently used. This paper intends to present a conceptual implementation model of an ontology defined in the security domain. The model presented contains the semantic concepts based on the information security standard ISO/IEC_JTC1, and their relationships to other concepts, defined in a subset of the information security domain.
A Semantic Study on Emerging Risk and Security Management in Cloud Computing
International Journal for Research in Applied Science & Engineering Technology (IJRASET), 2022
Cloud computing is a flexible, cost-effective, and proven delivery platform for providing business or consumer IT services over the Internet. However, cloud computing presents an added level of risk because essential services are often outsourced to a third party, which makes it harder to maintain data security and privacy, support data and service availability, and demonstrate compliance. One of the most significant problems that has hampered the expansion of cloud computing is security. It complicates data privacy, and data protection continues to have an impact on the market. Users must be aware of the dangers of data breaches in the cloud. This study focuses on cloud computing security concerns.
The design, instantiation, and usage of information security measuring ontology
Measuring security is a complex task and requires a great deal of knowledge. Managing this knowledge and presenting it in a universal way is challenging. This paper describes the Information Security Measuring Ontology (ISMO) for measuring information security. The ontology combines existing measuring and security ontologies and instantiates it through example measures. The ontology provides a solid way to present security measures for software designers and adaptable applications. The software designer can utilise the ontology to provide an application with security measuring capability. Moreover, the adaptable application searches for measures from the ontology, in order to measure a security level in the current run-time situation. The case example illustrates the design and run-time usage of the ontology. The experiment proved that the ontology facilitates the software designer's work, when implementing security measures for applications that are able to retrieve measures from the ontology at run-time.
SIMOnt: A Security Information Management Ontology Framework
Communications in Computer and Information Science, 2011
In this paper, we have proposed the design of a Security Information Management Ontology (SIMOnto) framework, which utilizes natural language processing and statistical analysis to mine an exhaustive list of concepts and their relationships in an automatic way. Concepts are extracted using TF-IDF and LSA techniques, whereas relations between them are mined using semantic and co-occurrence based analyses. The mined concepts and relations are presented to domain experts for validation before creation of the ontology using Protégé.